2a1c.2e38: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0280000 2a1c.2e38: \SystemRoot\System32\ntdll.dll: 2a1c.2e38: CreationTime: 2015-08-11T22:39:33.379985300Z 2a1c.2e38: LastWriteTime: 2015-08-08T07:29:58.168349600Z 2a1c.2e38: ChangeTime: 2015-08-12T07:01:01.158849400Z 2a1c.2e38: FileAttributes: 0x20 2a1c.2e38: Size: 0x1bce48 2a1c.2e38: NT Headers: 0xd8 2a1c.2e38: Timestamp: 0x55c59f92 2a1c.2e38: Machine: 0x8664 - amd64 2a1c.2e38: Timestamp: 0x55c59f92 2a1c.2e38: Image Version: 10.0 2a1c.2e38: SizeOfImage: 0x1c1000 (1839104) 2a1c.2e38: Resource Dir: 0x15a000 LB 0x65718 2a1c.2e38: ProductName: Microsoft® Windows® Operating System 2a1c.2e38: ProductVersion: 10.0.10240.16430 2a1c.2e38: FileVersion: 10.0.10240.16430 (th1.150807-2049) 2a1c.2e38: FileDescription: NT Layer DLL 2a1c.2e38: \SystemRoot\System32\kernel32.dll: 2a1c.2e38: CreationTime: 2015-07-10T10:59:59.699781600Z 2a1c.2e38: LastWriteTime: 2015-07-10T10:59:59.699781600Z 2a1c.2e38: ChangeTime: 2015-08-03T23:47:06.262647800Z 2a1c.2e38: FileAttributes: 0x20 2a1c.2e38: Size: 0xab830 2a1c.2e38: NT Headers: 0xf0 2a1c.2e38: Timestamp: 0x559f38ad 2a1c.2e38: Machine: 0x8664 - amd64 2a1c.2e38: Timestamp: 0x559f38ad 2a1c.2e38: Image Version: 10.0 2a1c.2e38: SizeOfImage: 0xad000 (708608) 2a1c.2e38: Resource Dir: 0xab000 LB 0x518 2a1c.2e38: ProductName: Microsoft® Windows® Operating System 2a1c.2e38: ProductVersion: 10.0.10240.16384 2a1c.2e38: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2a1c.2e38: FileDescription: Windows NT BASE API Client DLL 2a1c.2e38: \SystemRoot\System32\KernelBase.dll: 2a1c.2e38: CreationTime: 2015-07-10T11:00:10.325689700Z 2a1c.2e38: LastWriteTime: 2015-07-10T11:00:10.325689700Z 2a1c.2e38: ChangeTime: 2015-08-03T23:47:06.278273600Z 2a1c.2e38: FileAttributes: 0x20 2a1c.2e38: Size: 0x1dc680 2a1c.2e38: NT Headers: 0x100 2a1c.2e38: Timestamp: 0x559f38c3 2a1c.2e38: Machine: 0x8664 - amd64 2a1c.2e38: Timestamp: 0x559f38c3 2a1c.2e38: Image Version: 10.0 2a1c.2e38: SizeOfImage: 0x1dd000 (1953792) 2a1c.2e38: Resource Dir: 0x1c7000 LB 0x530 2a1c.2e38: ProductName: Microsoft® Windows® Operating System 2a1c.2e38: ProductVersion: 10.0.10240.16384 2a1c.2e38: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2a1c.2e38: FileDescription: Windows NT BASE API Client DLL 2a1c.2e38: \SystemRoot\System32\apisetschema.dll: 2a1c.2e38: CreationTime: 2015-07-10T11:00:04.872098600Z 2a1c.2e38: LastWriteTime: 2015-07-10T11:00:04.872098600Z 2a1c.2e38: ChangeTime: 2015-08-03T23:47:05.043835000Z 2a1c.2e38: FileAttributes: 0x20 2a1c.2e38: Size: 0x16760 2a1c.2e38: NT Headers: 0xc8 2a1c.2e38: Timestamp: 0x559f3e3d 2a1c.2e38: Machine: 0x8664 - amd64 2a1c.2e38: Timestamp: 0x559f3e3d 2a1c.2e38: Image Version: 10.0 2a1c.2e38: SizeOfImage: 0x17000 (94208) 2a1c.2e38: Resource Dir: 0x16000 LB 0x3f0 2a1c.2e38: ProductName: Microsoft® Windows® Operating System 2a1c.2e38: ProductVersion: 10.0.10240.16384 2a1c.2e38: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2a1c.2e38: FileDescription: ApiSet Schema DLL 2a1c.2e38: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2a1c.2e38: supR3HardenedWinFindAdversaries: 0x0 2a1c.2e38: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2a1c.2e38: Calling main() 2a1c.2e38: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2a1c.2e38: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2a1c.2e38: SUPR3HardenedMain: Respawn #1 2a1c.2e38: System32: \Device\HarddiskVolume3\Windows\System32 2a1c.2e38: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2a1c.2e38: KnownDllPath: C:\WINDOWS\system32 2a1c.2e38: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2a1c.2e38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2a1c.2e38: supR3HardNtEnableThreadCreation: 2a1c.2e38: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd2727fb70 pvNtTerminateThread=00007ffd272a3a20 2a1c.2e38: supR3HardenedWinDoReSpawn(1): New child 2964.26dc [kernel32]. 2a1c.2e38: supR3HardNtChildGatherData: PebBaseAddress=00007ff79d92f000 cbPeb=0x388 2a1c.2e38: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd27210000 uNtDllChildAddr=00007ffd27210000 2a1c.2e38: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd2727fb70 2a1c.2e38: supR3HardenedWinSetupChildInit: Start child. 2a1c.2e38: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2a1c.2e38: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 31 sleeps 2a1c.2e38: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2a1c.2e38: *0000000000000000-ffffffffff86ffff 0x0001/0x0000 0x0000000 2a1c.2e38: *0000000000790000-000000000076ffff 0x0004/0x0004 0x0020000 2a1c.2e38: *00000000007b0000-000000000079bfff 0x0002/0x0002 0x0040000 2a1c.2e38: 00000000007c4000-00000000007b7fff 0x0001/0x0000 0x0000000 2a1c.2e38: *00000000007d0000-00000000006d3fff 0x0000/0x0004 0x0020000 2a1c.2e38: 00000000008cc000-00000000008c8fff 0x0104/0x0004 0x0020000 2a1c.2e38: 00000000008cf000-00000000008cdfff 0x0004/0x0004 0x0020000 2a1c.2e38: *00000000008d0000-00000000008cbfff 0x0002/0x0002 0x0040000 2a1c.2e38: 00000000008d4000-00000000008c7fff 0x0001/0x0000 0x0000000 2a1c.2e38: *00000000008e0000-00000000008ddfff 0x0004/0x0004 0x0020000 2a1c.2e38: 00000000008e2000-ffffffff811e3fff 0x0001/0x0000 0x0000000 2a1c.2e38: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 2a1c.2e38: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 2a1c.2e38: 000000007fff0000-ffff8009626dffff 0x0001/0x0000 0x0000000 2a1c.2e38: *00007ff79d900000-00007ff79d8dcfff 0x0002/0x0002 0x0040000 2a1c.2e38: 00007ff79d923000-00007ff79d918fff 0x0001/0x0000 0x0000000 2a1c.2e38: *00007ff79d92d000-00007ff79d92afff 0x0004/0x0004 0x0020000 2a1c.2e38: *00007ff79d92f000-00007ff79d92dfff 0x0004/0x0004 0x0020000 2a1c.2e38: 00007ff79d930000-00007ff79d62ffff 0x0001/0x0000 0x0000000 2a1c.2e38: *00007ff79dc30000-00007ff79dc30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dc31000-00007ff79dcb6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dcb7000-00007ff79dcb7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dcb8000-00007ff79dd01fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd02000-00007ff79dd02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd03000-00007ff79dd03fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd04000-00007ff79dd05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd06000-00007ff79dd06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd07000-00007ff79dd07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd08000-00007ff79dd0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd0c000-00007ff79dd55fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2a1c.2e38: 00007ff79dd56000-00007ff21489bfff 0x0001/0x0000 0x0000000 2a1c.2e38: *00007ffd27210000-00007ffd27210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd27211000-00007ffd2730cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd2730d000-00007ffd2734efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd2734f000-00007ffd27357fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd27358000-00007ffd27365fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd27366000-00007ffd27366fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd27367000-00007ffd27369fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd2736a000-00007ffd273d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2a1c.2e38: 00007ffd273d1000-00007ffa4e7c1fff 0x0001/0x0000 0x0000000 2a1c.2e38: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 2a1c.2e38: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS) 2a1c.2e38: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2a1c.2e38: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2a1c.2e38: supR3HardNtChildPurify: Done after 283 ms and 0 fixes (loop #0). 2a1c.2e38: supR3HardNtEnableThreadCreation: 2964.26dc: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 2964.26dc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd27210000 2964.26dc: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 2964.26dc: New simple heap: #1 00000000009f0000 LB 0x400000 (for 1839104 allocation) 2964.26dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2964.26dc: System32: \Device\HarddiskVolume3\Windows\System32 2964.26dc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2964.26dc: KnownDllPath: C:\WINDOWS\system32 2964.26dc: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2964.26dc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2964.26dc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2964.26dc: Registered Dll notification callback with NTDLL. 2964.26dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 2964.26dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2964.26dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 2964.26dc: supR3HardenedDllNotificationCallback: load 00007ffd246e0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 2964.26dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 2964.26dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 2964.26dc: supR3HardenedDllNotificationCallback: load 00007ffd24980000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 2964.26dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2964.26dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24980000 'C:\WINDOWS\system32\KERNEL32.DLL' 2964.26dc: supR3HardenedDllNotificationCallback: load 00007ff79dc30000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 2964.26dc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2964.26dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2964.26dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd2727fb70 pvNtTerminateThread=00007ffd272a3a20 2a1c.2e38: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 58 ms. 2964.26dc: \SystemRoot\System32\ntdll.dll: 2964.26dc: CreationTime: 2015-08-11T22:39:33.379985300Z 2964.26dc: LastWriteTime: 2015-08-08T07:29:58.168349600Z 2964.26dc: ChangeTime: 2015-08-12T07:01:01.158849400Z 2964.26dc: FileAttributes: 0x20 2964.26dc: Size: 0x1bce48 2964.26dc: NT Headers: 0xd8 2964.26dc: Timestamp: 0x55c59f92 2964.26dc: Machine: 0x8664 - amd64 2964.26dc: Timestamp: 0x55c59f92 2964.26dc: Image Version: 10.0 2964.26dc: SizeOfImage: 0x1c1000 (1839104) 2964.26dc: Resource Dir: 0x15a000 LB 0x65718 2964.26dc: ProductName: Microsoft® Windows® Operating System 2964.26dc: ProductVersion: 10.0.10240.16430 2964.26dc: FileVersion: 10.0.10240.16430 (th1.150807-2049) 2964.26dc: FileDescription: NT Layer DLL 2964.26dc: \SystemRoot\System32\kernel32.dll: 2964.26dc: CreationTime: 2015-07-10T10:59:59.699781600Z 2964.26dc: LastWriteTime: 2015-07-10T10:59:59.699781600Z 2964.26dc: ChangeTime: 2015-08-03T23:47:06.262647800Z 2964.26dc: FileAttributes: 0x20 2964.26dc: Size: 0xab830 2964.26dc: NT Headers: 0xf0 2964.26dc: Timestamp: 0x559f38ad 2964.26dc: Machine: 0x8664 - amd64 2964.26dc: Timestamp: 0x559f38ad 2964.26dc: Image Version: 10.0 2964.26dc: SizeOfImage: 0xad000 (708608) 2964.26dc: Resource Dir: 0xab000 LB 0x518 2964.26dc: ProductName: Microsoft® Windows® Operating System 2964.26dc: ProductVersion: 10.0.10240.16384 2964.26dc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2964.26dc: FileDescription: Windows NT BASE API Client DLL 2964.26dc: \SystemRoot\System32\KernelBase.dll: 2964.26dc: CreationTime: 2015-07-10T11:00:10.325689700Z 2964.26dc: LastWriteTime: 2015-07-10T11:00:10.325689700Z 2964.26dc: ChangeTime: 2015-08-03T23:47:06.278273600Z 2964.26dc: FileAttributes: 0x20 2964.26dc: Size: 0x1dc680 2964.26dc: NT Headers: 0x100 2964.26dc: Timestamp: 0x559f38c3 2964.26dc: Machine: 0x8664 - amd64 2964.26dc: Timestamp: 0x559f38c3 2964.26dc: Image Version: 10.0 2964.26dc: SizeOfImage: 0x1dd000 (1953792) 2964.26dc: Resource Dir: 0x1c7000 LB 0x530 2964.26dc: ProductName: Microsoft® Windows® Operating System 2964.26dc: ProductVersion: 10.0.10240.16384 2964.26dc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2964.26dc: FileDescription: Windows NT BASE API Client DLL 2964.26dc: \SystemRoot\System32\apisetschema.dll: 2964.26dc: CreationTime: 2015-07-10T11:00:04.872098600Z 2964.26dc: LastWriteTime: 2015-07-10T11:00:04.872098600Z 2964.26dc: ChangeTime: 2015-08-03T23:47:05.043835000Z 2964.26dc: FileAttributes: 0x20 2964.26dc: Size: 0x16760 2964.26dc: NT Headers: 0xc8 2964.26dc: Timestamp: 0x559f3e3d 2964.26dc: Machine: 0x8664 - amd64 2964.26dc: Timestamp: 0x559f3e3d 2964.26dc: Image Version: 10.0 2964.26dc: SizeOfImage: 0x17000 (94208) 2964.26dc: Resource Dir: 0x16000 LB 0x3f0 2964.26dc: ProductName: Microsoft® Windows® Operating System 2964.26dc: ProductVersion: 10.0.10240.16384 2964.26dc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2964.26dc: FileDescription: ApiSet Schema DLL 2964.26dc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2964.26dc: supR3HardenedWinFindAdversaries: 0x0 2964.26dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2964.26dc: Calling main() 2964.26dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2964.26dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2964.26dc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2964.26dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2964.26dc: SUPR3HardenedMain: Respawn #2 2964.26dc: supR3HardNtEnableThreadCreation: 2964.26dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd2727fb70 pvNtTerminateThread=00007ffd272a3a20 2964.26dc: supR3HardenedWinDoReSpawn(2): New child 2dd4.2f8c [kernel32]. 2964.26dc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 2964.26dc: supR3HardNtChildGatherData: PebBaseAddress=00007ff79d116000 cbPeb=0x388 2964.26dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd27210000 uNtDllChildAddr=00007ffd27210000 2964.26dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd2727fb70 2964.26dc: supR3HardenedWinSetupChildInit: Start child. 2964.26dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 2964.26dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 30 sleeps 2964.26dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 2964.26dc: *0000000000000000-ffffffffffd3ffff 0x0001/0x0000 0x0000000 2964.26dc: *00000000002c0000-000000000029ffff 0x0004/0x0004 0x0020000 2964.26dc: *00000000002e0000-00000000002cbfff 0x0002/0x0002 0x0040000 2964.26dc: 00000000002f4000-00000000002e7fff 0x0001/0x0000 0x0000000 2964.26dc: *0000000000300000-0000000000203fff 0x0000/0x0004 0x0020000 2964.26dc: 00000000003fc000-00000000003f8fff 0x0104/0x0004 0x0020000 2964.26dc: 00000000003ff000-00000000003fdfff 0x0004/0x0004 0x0020000 2964.26dc: *0000000000400000-00000000003fbfff 0x0002/0x0002 0x0040000 2964.26dc: 0000000000404000-00000000003f7fff 0x0001/0x0000 0x0000000 2964.26dc: *0000000000410000-000000000040dfff 0x0004/0x0004 0x0020000 2964.26dc: 0000000000412000-ffffffff80843fff 0x0001/0x0000 0x0000000 2964.26dc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 2964.26dc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 2964.26dc: 000000007fff0000-ffff800962eeffff 0x0001/0x0000 0x0000000 2964.26dc: *00007ff79d0f0000-00007ff79d0ccfff 0x0002/0x0002 0x0040000 2964.26dc: 00007ff79d113000-00007ff79d10ffff 0x0001/0x0000 0x0000000 2964.26dc: *00007ff79d116000-00007ff79d114fff 0x0004/0x0004 0x0020000 2964.26dc: 00007ff79d117000-00007ff79d10ffff 0x0001/0x0000 0x0000000 2964.26dc: *00007ff79d11e000-00007ff79d11bfff 0x0004/0x0004 0x0020000 2964.26dc: 00007ff79d120000-00007ff79c60ffff 0x0001/0x0000 0x0000000 2964.26dc: *00007ff79dc30000-00007ff79dc30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dc31000-00007ff79dcb6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dcb7000-00007ff79dcb7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dcb8000-00007ff79dd01fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd02000-00007ff79dd02fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd03000-00007ff79dd03fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd04000-00007ff79dd05fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd06000-00007ff79dd06fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd07000-00007ff79dd07fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd08000-00007ff79dd0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd0c000-00007ff79dd55fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2964.26dc: 00007ff79dd56000-00007ff21489bfff 0x0001/0x0000 0x0000000 2964.26dc: *00007ffd27210000-00007ffd27210fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd27211000-00007ffd2730cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd2730d000-00007ffd2734efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd2734f000-00007ffd27357fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd27358000-00007ffd27365fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd27366000-00007ffd27366fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd27367000-00007ffd27369fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd2736a000-00007ffd273d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 2964.26dc: 00007ffd273d1000-00007ffa4e7c1fff 0x0001/0x0000 0x0000000 2964.26dc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 2964.26dc: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS) 2964.26dc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2964.26dc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 2964.26dc: supR3HardNtChildPurify: Done after 283 ms and 0 fixes (loop #0). 2964.26dc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000009f0000 LB 0x400000) 2dd4.2f8c: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000 2964.26dc: supR3HardNtEnableThreadCreation: 2dd4.2f8c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd27210000 2dd4.2f8c: ntdll.dll: timestamp 0x55c59f92 (rc=VINF_SUCCESS) 2dd4.2f8c: New simple heap: #1 0000000000520000 LB 0x400000 (for 1839104 allocation) 2dd4.2f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2dd4.2f8c: System32: \Device\HarddiskVolume3\Windows\System32 2dd4.2f8c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 2dd4.2f8c: KnownDllPath: C:\WINDOWS\system32 2dd4.2f8c: supR3HardenedVmProcessInit: Opening vboxdrv... 2dd4.2f8c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2dd4.2f8c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2dd4.2f8c: Registered Dll notification callback with NTDLL. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd246e0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24980000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24980000 'C:\WINDOWS\system32\KERNEL32.DLL' 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ff79dc30000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 2dd4.2f8c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 2dd4.2f8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd2727fb70 pvNtTerminateThread=00007ffd272a3a20 2964.26dc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms. 2dd4.2f8c: \SystemRoot\System32\ntdll.dll: 2dd4.2f8c: CreationTime: 2015-08-11T22:39:33.379985300Z 2dd4.2f8c: LastWriteTime: 2015-08-08T07:29:58.168349600Z 2dd4.2f8c: ChangeTime: 2015-08-12T07:01:01.158849400Z 2dd4.2f8c: FileAttributes: 0x20 2dd4.2f8c: Size: 0x1bce48 2dd4.2f8c: NT Headers: 0xd8 2dd4.2f8c: Timestamp: 0x55c59f92 2dd4.2f8c: Machine: 0x8664 - amd64 2dd4.2f8c: Timestamp: 0x55c59f92 2dd4.2f8c: Image Version: 10.0 2dd4.2f8c: SizeOfImage: 0x1c1000 (1839104) 2dd4.2f8c: Resource Dir: 0x15a000 LB 0x65718 2dd4.2f8c: ProductName: Microsoft® Windows® Operating System 2dd4.2f8c: ProductVersion: 10.0.10240.16430 2dd4.2f8c: FileVersion: 10.0.10240.16430 (th1.150807-2049) 2dd4.2f8c: FileDescription: NT Layer DLL 2dd4.2f8c: \SystemRoot\System32\kernel32.dll: 2dd4.2f8c: CreationTime: 2015-07-10T10:59:59.699781600Z 2dd4.2f8c: LastWriteTime: 2015-07-10T10:59:59.699781600Z 2dd4.2f8c: ChangeTime: 2015-08-03T23:47:06.262647800Z 2dd4.2f8c: FileAttributes: 0x20 2dd4.2f8c: Size: 0xab830 2dd4.2f8c: NT Headers: 0xf0 2dd4.2f8c: Timestamp: 0x559f38ad 2dd4.2f8c: Machine: 0x8664 - amd64 2dd4.2f8c: Timestamp: 0x559f38ad 2dd4.2f8c: Image Version: 10.0 2dd4.2f8c: SizeOfImage: 0xad000 (708608) 2dd4.2f8c: Resource Dir: 0xab000 LB 0x518 2dd4.2f8c: ProductName: Microsoft® Windows® Operating System 2dd4.2f8c: ProductVersion: 10.0.10240.16384 2dd4.2f8c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2dd4.2f8c: FileDescription: Windows NT BASE API Client DLL 2dd4.2f8c: \SystemRoot\System32\KernelBase.dll: 2dd4.2f8c: CreationTime: 2015-07-10T11:00:10.325689700Z 2dd4.2f8c: LastWriteTime: 2015-07-10T11:00:10.325689700Z 2dd4.2f8c: ChangeTime: 2015-08-03T23:47:06.278273600Z 2dd4.2f8c: FileAttributes: 0x20 2dd4.2f8c: Size: 0x1dc680 2dd4.2f8c: NT Headers: 0x100 2dd4.2f8c: Timestamp: 0x559f38c3 2dd4.2f8c: Machine: 0x8664 - amd64 2dd4.2f8c: Timestamp: 0x559f38c3 2dd4.2f8c: Image Version: 10.0 2dd4.2f8c: SizeOfImage: 0x1dd000 (1953792) 2dd4.2f8c: Resource Dir: 0x1c7000 LB 0x530 2dd4.2f8c: ProductName: Microsoft® Windows® Operating System 2dd4.2f8c: ProductVersion: 10.0.10240.16384 2dd4.2f8c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2dd4.2f8c: FileDescription: Windows NT BASE API Client DLL 2dd4.2f8c: \SystemRoot\System32\apisetschema.dll: 2dd4.2f8c: CreationTime: 2015-07-10T11:00:04.872098600Z 2dd4.2f8c: LastWriteTime: 2015-07-10T11:00:04.872098600Z 2dd4.2f8c: ChangeTime: 2015-08-03T23:47:05.043835000Z 2dd4.2f8c: FileAttributes: 0x20 2dd4.2f8c: Size: 0x16760 2dd4.2f8c: NT Headers: 0xc8 2dd4.2f8c: Timestamp: 0x559f3e3d 2dd4.2f8c: Machine: 0x8664 - amd64 2dd4.2f8c: Timestamp: 0x559f3e3d 2dd4.2f8c: Image Version: 10.0 2dd4.2f8c: SizeOfImage: 0x17000 (94208) 2dd4.2f8c: Resource Dir: 0x16000 LB 0x3f0 2dd4.2f8c: ProductName: Microsoft® Windows® Operating System 2dd4.2f8c: ProductVersion: 10.0.10240.16384 2dd4.2f8c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 2dd4.2f8c: FileDescription: ApiSet Schema DLL 2dd4.2f8c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2dd4.2f8c: supR3HardenedWinFindAdversaries: 0x0 2dd4.2f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2dd4.2f8c: Calling main() 2dd4.2f8c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2dd4.2f8c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2dd4.2f8c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2dd4.2f8c: SUPR3HardenedMain: Final process, opening VBoxDrv... 2dd4.2f8c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000520000 LB 0x400000) 2dd4.2f8c: supR3HardNtEnableThreadCreation: 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd22230000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd22230000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd22230000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd22230000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24c80000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23c40000 LB 0x00011000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd243a0000 LB 0x001c1000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd27030000 LB 0x00126000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24340000 LB 0x00054000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\WINDOWS\system32\Wintrust.dll' 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23750000 LB 0x00028000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23750000 'C:\WINDOWS\system32\bcrypt.dll' 2dd4.2f8c: bcrypt.dll loaded at 00007ffd23750000, BCryptOpenAlgorithmProvider at 00007ffd23754a00, preloading providers: 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23a70000 LB 0x0006b000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23a70000 'C:\WINDOWS\system32\bcryptprimitives.dll' 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000b0a090) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000b0a750) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000b0aa20) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000b0ad80) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000b0b8a0) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000b0bbb0) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000b0bec0) 2dd4.2f8c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000b0c190) 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd234e0000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23130000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23650000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24980000 'C:\WINDOWS\system32\kernel32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\CRYPT32.dll' 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24d20000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24a30000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd22b40000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23c20000 LB 0x00013000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0] 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24ec0000 LB 0x0005b000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd14240000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\WINDOWS\system32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd14240000 'C:\Windows\System32\cryptnet.dll' 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd27160000 LB 0x000a6000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=311B4CDD9B998ED36E8EA94DCB004D809301CC36 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd27030000 'C:\WINDOWS\system32\rpcrt4.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\Windows\System32\WINTRUST.DLL' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_483_for_KB3081436~31bf3856ad364e35~amd64~~10.0.1.1.cat'; file='\SystemRoot\System32\ntdll.dll' 2dd4.2f8c: g_pfnWinVerifyTrust=00007ffd24348890 2dd4.2f8c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x1bb0b25f118c700 CN=DAKDESKHP 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xc3bcd63ebda56d21 CN=USB\MS_COMP_LIBUSBK (libwdi autogenerated) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x26c66a5b46bc7b50 CN=USB\MS_COMP_WINUSB (libwdi autogenerated) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x808533be0de10a4a CN=USB\VID_04E8&PID_6860 (libwdi autogenerated) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x6cbf46949c10a9aa C=US, CN=Hewlett-Packard Company CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x6275bb37cca51775 C=US, CN=Hewlett-Packard Company CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x5bf2acc79c700d30 CN=USB\VID_046D&PID_081D&MI_00 (libwdi autogenerated) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x4896b4e8912248b6 CN=USB\VID_04E8&PID_685D (libwdi autogenerated) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 2dd4.2f8c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 2dd4.2f8c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=60 2dd4.2f8c: SUPR3HardenedMain: Load Runtime... 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 0000000057660000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00000000575c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd248c0000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd267f0000 LB 0x00069000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffcf3750000 LB 0x00543000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rescheduled] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24340000 'C:\WINDOWS\system32\Wintrust.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: SUPR3HardenedMain: Load TrustedMain... 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\devobj.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_207_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msctf.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd26ee0000 LB 0x0014e000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24a90000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd22220000 LB 0x00008000 C:\WINDOWS\SYSTEM32\DCIMAN32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffcf3650000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\DDRAW.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd1bc30000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffcf4490000 LB 0x00128000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd26bb0000 LB 0x0027c000 C:\WINDOWS\system32\combase.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd264d0000 LB 0x00141000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 0000000054f00000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24620000 LB 0x000b3000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd248d0000 LB 0x00051000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd1d6a0000 LB 0x000aa000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23c60000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23c70000 LB 0x0004a000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23d10000 LB 0x00629000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24fa0000 LB 0x01522000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd26ad0000 LB 0x000d7000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd26a10000 LB 0x000be000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24d60000 LB 0x0015c000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd24940000 LB 0x00036000 C:\WINDOWS\system32\IMM32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23cc0000 LB 0x00044000 C:\WINDOWS\system32\cfgmgr32.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd22590000 LB 0x00027000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd21040000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd210d0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd220e0000 LB 0x00084000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00000000543a0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 0000000054df0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 0000000054d10000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffcf20c0000 LB 0x00ab1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msctf.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\devobj.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'. 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 2dd4.2f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust] 2dd4.2f8c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'. 2dd4.2f8c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24940000 'C:\WINDOWS\system32\imm32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf20c0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 2dd4.2f8c: SUPR3HardenedMain: Calling TrustedMain (00007ffcf20c1770)... 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd210d0000 'C:\WINDOWS\system32\winmm.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_205_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd224f0000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd224f0000 'C:\WINDOWS\system32\uxtheme.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd21010000 LB 0x00022000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b550f0 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 2dd4.2f8c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24980000 'C:\WINDOWS\system32\kernel32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd224f0000 'C:\WINDOWS\system32\uxtheme.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd224f0000 'C:\WINDOWS\system32\uxtheme.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26ee0000 'C:\WINDOWS\system32\user32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd224f0000 'C:\WINDOWS\system32\uxtheme.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26ee0000 'C:\WINDOWS\system32\user32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd27160000 'C:\WINDOWS\system32\advapi32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd23220000 LB 0x0001f000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23220000 'C:\WINDOWS\system32\userenv.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24980000 'C:\WINDOWS\system32\kernel32.dll' 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 00007ffd26e30000 LB 0x000a5000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 2dd4.2a5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 2dd4.2a5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2a5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2dd4.2a5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll) WinVerifyTrust 2dd4.2a5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2a5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll) WinVerifyTrust 2dd4.2a5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 2dd4.2a5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 2dd4.2a5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2dd4.2a5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 2dd4.2a5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll 2dd4.2a5c: supR3HardenedDllNotificationCallback: load 00007ffd24f90000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0] 2dd4.2a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\psapi.dll 2dd4.2a5c: supR3HardenedDllNotificationCallback: load 00007ffd209c0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 2dd4.2a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll 2dd4.2a5c: supR3HardenedDllNotificationCallback: load 00007ffcf3070000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 2dd4.2a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf3070000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 2dd4.2a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2dd4.2a5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26a10000 'C:\Windows\System32\oleaut32.dll' 2dd4.2a5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sxs.dll) 2dd4.2a5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sxs.dll 2dd4.2a5c: supR3HardenedDllNotificationCallback: load 00007ffd23ae0000 LB 0x00098000 C:\WINDOWS\SYSTEM32\sxs.dll [fFlags=0x0] 2dd4.2a5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sxs.dll [avoiding WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sxs.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26a10000 'C:\WINDOWS\system32\OLEAUT32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a90000 'C:\WINDOWS\system32\gdi32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24fa0000 'C:\WINDOWS\system32\shell32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26ee0000 'C:\WINDOWS\system32\user32.dll' 2dd4.2f8c: \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll: Owner is administrators group. 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'comctl32.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'uxtheme.dll'. 2dd4.2f8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. 2dd4.2f8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll) WinVerifyTrust 2dd4.2f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 2dd4.2f8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2dd4.2f8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2dd4.2f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll 2dd4.2f8c: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x0003b000 C:\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll [fFlags=0x0] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd26ee0000 'C:\WINDOWS\system32\User32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Program Files (x86)\DisplayFusion\Hooks\AppHookx64_C81D6947-64C4-4F85-89B1-2B2AF7639F08.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: 'C:\WINDOWS\system32\comctl32.dll' -> 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir] 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd23130000 'C:\WINDOWS\system32\rsaenh.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd243a0000 'C:\WINDOWS\system32\crypt32.dll' 2dd4.2f8c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\WINDOWS\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2dd4.2f8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd1d6a0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' 2dd4.2f8c: Terminating the normal way: rcExit=1 2964.26dc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 4704 ms, the end); 2a1c.2e38: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5069 ms, the end);