Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 941570 Details for
Bug 1146971
login fails on installing of virtualbox guest addition
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
vbox startup log
VBoxStartup.log (text/plain), 704.44 KB, created by
kksheth
on 2014-09-26 13:36:43 UTC
(
hide
)
Description:
vbox startup log
Filename:
MIME Type:
Creator:
kksheth
Created:
2014-09-26 13:36:43 UTC
Size:
704.44 KB
patch
obsolete
>c7c.1370: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 >c7c.1370: Calling main() >c7c.1370: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 >c7c.1370: SUPR3HardenedMain: Respawn #1 >c7c.1370: System32: \Device\HarddiskVolume2\Windows\System32 >c7c.1370: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS >c7c.1370: ProgDir: \Device\HarddiskVolume2\Program Files >c7c.1370: ComDir: \Device\HarddiskVolume2\Program Files\Common Files >c7c.1370: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) >c7c.1370: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files >c7c.1370: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >c7c.1370: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) >c7c.1370: supR3HardNtEnableThreadCreation: >c7c.1370: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb96089c5c pvNtTerminateThread=00007ffb960b1ba0 >c7c.1370: supR3HardenedWinDoReSpawn(1): New child 13e8.6a4 [kernel32]. >c7c.1370: supR3HardenedWinPurifyChild: PebBaseAddress=00007ff6c50ed000 cbPeb=0x388 >c7c.1370: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb96020000 uNtDllChildAddr=00007ffb96020000 >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=00007ffb96089c5c uNtTerminateThread=00007ffb960b1ba0 >c7c.1370: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb96089c5c pvNtTerminateThread=00007ffb960b1ba0 >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000003d0000 LB 0x1a6000 >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00007ffb94ee0000 LB 0x13a000 >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 00007ffb935c0000 LB 0x10f000 >c7c.1370: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms >c7c.1370: supR3HardNtEnableThreadCreation: >c7c.1370: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION >c7c.1370: *0000000000000000-ffffffffffd7ffff 0x0001/0x0000 0x0000000 >c7c.1370: *0000000000280000-000000000025ffff 0x0004/0x0004 0x0020000 >c7c.1370: *00000000002a0000-0000000000290fff 0x0002/0x0002 0x0040000 >c7c.1370: 00000000002af000-00000000002adfff 0x0001/0x0000 0x0000000 >c7c.1370: *00000000002b0000-00000000001b3fff 0x0000/0x0004 0x0020000 >c7c.1370: 00000000003ac000-00000000003a8fff 0x0104/0x0004 0x0020000 >c7c.1370: 00000000003af000-00000000003adfff 0x0004/0x0004 0x0020000 >c7c.1370: *00000000003b0000-00000000003abfff 0x0002/0x0002 0x0040000 >c7c.1370: 00000000003b4000-00000000003a7fff 0x0001/0x0000 0x0000000 >c7c.1370: *00000000003c0000-00000000003bdfff 0x0004/0x0004 0x0020000 >c7c.1370: 00000000003c2000-ffffffff807a3fff 0x0001/0x0000 0x0000000 >c7c.1370: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >c7c.1370: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >c7c.1370: 000000007fff0000-ffff800a3af1ffff 0x0001/0x0000 0x0000000 >c7c.1370: *00007ff6c50c0000-00007ff6c509cfff 0x0002/0x0002 0x0040000 >c7c.1370: 00007ff6c50e3000-00007ff6c50d8fff 0x0001/0x0000 0x0000000 >c7c.1370: *00007ff6c50ed000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >c7c.1370: *00007ff6c50ee000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >c7c.1370: 00007ff6c50f0000-00007ff6c43cffff 0x0001/0x0000 0x0000000 >c7c.1370: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5e11000-00007ff6c5d91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5e90000-00007ff6c5e8efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5ec8000-00007ff6c5ebefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >c7c.1370: 00007ff6c5f0a000-00007ff1f5df3fff 0x0001/0x0000 0x0000000 >c7c.1370: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb96146000-00007ffb9613cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb9614f000-00007ffb96141fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb9615c000-00007ffb9615afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >c7c.1370: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >c7c.1370: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >c7c.1370: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >c7c.1370: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports >13e8.6a4: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 >13e8.6a4: Calling main() >13e8.6a4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 >13e8.6a4: System32: \Device\HarddiskVolume2\Windows\System32 >13e8.6a4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS >13e8.6a4: ProgDir: \Device\HarddiskVolume2\Program Files >13e8.6a4: ComDir: \Device\HarddiskVolume2\Program Files\Common Files >13e8.6a4: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) >13e8.6a4: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files >13e8.6a4: supR3HardenedWinInit: Startup delay kludge #2/0: 125 ms, 8 sleeps >13e8.6a4: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION >13e8.6a4: *0000000000000000-ffffffffffd7ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000280000-000000000026ffff 0x0004/0x0004 0x0040000 >13e8.6a4: 0000000000290000-000000000027ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000002a0000-0000000000290fff 0x0002/0x0002 0x0040000 >13e8.6a4: 00000000002af000-00000000002adfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000002b0000-00000000001b4fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000003ab000-00000000003a7fff 0x0104/0x0004 0x0020000 >13e8.6a4: 00000000003ae000-00000000003abfff 0x0004/0x0004 0x0020000 >13e8.6a4: *00000000003b0000-00000000003abfff 0x0002/0x0002 0x0040000 >13e8.6a4: 00000000003b4000-00000000003a7fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000003c0000-00000000003bdfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000003c2000-00000000003b3fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000003d0000-0000000000351fff 0x0002/0x0002 0x0040000 >13e8.6a4: 000000000044e000-000000000044bfff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000450000-000000000044dfff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000452000-0000000000439fff 0x0000/0x0004 0x0020000 >13e8.6a4: 000000000046a000-0000000000393fff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000540000-0000000000511fff 0x0004/0x0004 0x0020000 >13e8.6a4: 000000000056e000-000000000049bfff 0x0000/0x0004 0x0020000 >13e8.6a4: *0000000000640000-000000000063efff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000641000-0000000000499fff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000007e8000-00000000007e6fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000007e9000-ffffffff80ff1fff 0x0001/0x0000 0x0000000 >13e8.6a4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >13e8.6a4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >13e8.6a4: 000000007fff0000-ffff800a3b01ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c4fc0000-00007ff6c4fbafff 0x0002/0x0002 0x0040000 >13e8.6a4: 00007ff6c4fc5000-00007ff6c4ec9fff 0x0000/0x0002 0x0040000 >13e8.6a4: *00007ff6c50c0000-00007ff6c509cfff 0x0002/0x0002 0x0040000 >13e8.6a4: 00007ff6c50e3000-00007ff6c50d8fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c50ed000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >13e8.6a4: *00007ff6c50ee000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00007ff6c50f0000-00007ff6c43cffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e11000-00007ff6c5d91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e90000-00007ff6c5e8efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ec8000-00007ff6c5ebefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5f0a000-00007ff1f8853fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb935c0000-00007ffb935befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb935c1000-00007ffb934d3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936ae000-00007ffb936aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936b1000-00007ffb936affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936b2000-00007ffb93694fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936cf000-00007ffb91ebdfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb94ee0000-00007ffb94edefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ee1000-00007ffb94dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff4000-00007ffb94ff2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff5000-00007ffb94ff3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff6000-00007ffb94fd1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb9501a000-00007ffb94013fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96146000-00007ffb9613cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9614f000-00007ffb96140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >13e8.6a4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >13e8.6a4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports >13e8.6a4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >13e8.6a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) >13e8.6a4: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY >13e8.6a4: *0000000000000000-ffffffffffd7ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000280000-000000000026ffff 0x0004/0x0004 0x0040000 >13e8.6a4: 0000000000290000-000000000027ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000002a0000-0000000000290fff 0x0002/0x0002 0x0040000 >13e8.6a4: 00000000002af000-00000000002adfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000002b0000-00000000001b6fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000003a9000-00000000003a5fff 0x0104/0x0004 0x0020000 >13e8.6a4: 00000000003ac000-00000000003a7fff 0x0004/0x0004 0x0020000 >13e8.6a4: *00000000003b0000-00000000003abfff 0x0002/0x0002 0x0040000 >13e8.6a4: 00000000003b4000-00000000003a7fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000003c0000-00000000003bdfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000003c2000-00000000003b3fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000003d0000-0000000000351fff 0x0002/0x0002 0x0040000 >13e8.6a4: 000000000044e000-000000000044bfff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000450000-000000000044dfff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000452000-0000000000439fff 0x0000/0x0004 0x0020000 >13e8.6a4: 000000000046a000-0000000000393fff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000540000-0000000000503fff 0x0004/0x0004 0x0020000 >13e8.6a4: 000000000057c000-000000000057afff 0x0000/0x0004 0x0020000 >13e8.6a4: 000000000057d000-0000000000554fff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000005a5000-0000000000509fff 0x0000/0x0004 0x0020000 >13e8.6a4: *0000000000640000-000000000063efff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000641000-0000000000499fff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000007e8000-00000000007e6fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000007e9000-00000000007e1fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00000000007f0000-00000000006f3fff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000008ec000-00000000008e9fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000008ee000-00000000008ecfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00000000008ef000-00000000008edfff 0x0000/0x0004 0x0020000 >13e8.6a4: *00000000008f0000-00000000008e6fff 0x0000/0x0004 0x0020000 >13e8.6a4: 00000000008f9000-00000000007bdfff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000a34000-0000000000a32fff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000a35000-0000000000a29fff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000a40000-0000000000a30fff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000a4f000-000000000093efff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000b5f000-0000000000b5dfff 0x0000/0x0004 0x0020000 >13e8.6a4: *0000000000b60000-0000000000b56fff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000b69000-0000000000a58fff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000c79000-0000000000c77fff 0x0000/0x0004 0x0020000 >13e8.6a4: 0000000000c7a000-ffffffff81913fff 0x0001/0x0000 0x0000000 >13e8.6a4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >13e8.6a4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >13e8.6a4: 000000007fff0000-ffff800a3b01ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c4fc0000-00007ff6c4fbafff 0x0002/0x0002 0x0040000 >13e8.6a4: 00007ff6c4fc5000-00007ff6c4ec9fff 0x0000/0x0002 0x0040000 >13e8.6a4: *00007ff6c50c0000-00007ff6c509cfff 0x0002/0x0002 0x0040000 >13e8.6a4: 00007ff6c50e3000-00007ff6c50d8fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c50ed000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >13e8.6a4: *00007ff6c50ee000-00007ff6c50ebfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00007ff6c50f0000-00007ff6c43cffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e11000-00007ff6c5d90fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ec8000-00007ff6c5ebefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5f0a000-00007ff1f8853fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb935c0000-00007ffb935befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb935c1000-00007ffb934d3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936ae000-00007ffb936aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936b1000-00007ffb936affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936b2000-00007ffb93694fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: 00007ffb936cf000-00007ffb91ebdfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb94ee0000-00007ffb94edefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ee1000-00007ffb94dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff4000-00007ffb94ff2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff5000-00007ffb94ff3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb94ff6000-00007ffb94fd1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: 00007ffb9501a000-00007ffb94023fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb96010000-00007ffb9600efff 0x0004/0x0004 0x0020000 >13e8.6a4: 00007ffb96011000-00007ffb96001fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96146000-00007ffb9613cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9614f000-00007ffb96140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >13e8.6a4: SUPR3HardenedMain: Respawn #2 >13e8.6a4: supR3HardNtEnableThreadCreation: >13e8.6a4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb96089c5c pvNtTerminateThread=00007ffb960b1ba0 >13e8.6a4: supR3HardenedWinDoReSpawn(2): New child 8b8.12bc [kernel32]. >13e8.6a4: supR3HardenedWinPurifyChild: PebBaseAddress=00007ff6c576a000 cbPeb=0x388 >13e8.6a4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb96020000 uNtDllChildAddr=00007ffb96020000 >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=00007ffb96089c5c uNtTerminateThread=00007ffb960b1ba0 >13e8.6a4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb96089c5c pvNtTerminateThread=00007ffb960b1ba0 >13e8.6a4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports >13e8.6a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) >13e8.6a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000003a0000 LB 0x1a6000 >13e8.6a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) >13e8.6a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 00007ffb94ee0000 LB 0x13a000 >13e8.6a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) >13e8.6a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 00007ffb935c0000 LB 0x10f000 >13e8.6a4: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms >13e8.6a4: supR3HardNtEnableThreadCreation: >13e8.6a4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION >13e8.6a4: *0000000000000000-ffffffffffdaffff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000250000-000000000022ffff 0x0004/0x0004 0x0020000 >13e8.6a4: *0000000000270000-0000000000260fff 0x0002/0x0002 0x0040000 >13e8.6a4: 000000000027f000-000000000027dfff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000280000-0000000000183fff 0x0000/0x0004 0x0020000 >13e8.6a4: 000000000037c000-0000000000378fff 0x0104/0x0004 0x0020000 >13e8.6a4: 000000000037f000-000000000037dfff 0x0004/0x0004 0x0020000 >13e8.6a4: *0000000000380000-000000000037bfff 0x0002/0x0002 0x0040000 >13e8.6a4: 0000000000384000-0000000000377fff 0x0001/0x0000 0x0000000 >13e8.6a4: *0000000000390000-000000000038dfff 0x0004/0x0004 0x0020000 >13e8.6a4: 0000000000392000-ffffffff80743fff 0x0001/0x0000 0x0000000 >13e8.6a4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >13e8.6a4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >13e8.6a4: 000000007fff0000-ffff800a3a89ffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c5740000-00007ff6c571cfff 0x0002/0x0002 0x0040000 >13e8.6a4: 00007ff6c5763000-00007ff6c575bfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c576a000-00007ff6c5768fff 0x0004/0x0004 0x0020000 >13e8.6a4: 00007ff6c576b000-00007ff6c5767fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c576e000-00007ff6c576bfff 0x0004/0x0004 0x0020000 >13e8.6a4: 00007ff6c5770000-00007ff6c50cffff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e11000-00007ff6c5d91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e90000-00007ff6c5e8efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ec8000-00007ff6c5ebefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >13e8.6a4: 00007ff6c5f0a000-00007ff1f5df3fff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb96146000-00007ffb9613cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9614f000-00007ffb96141fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615c000-00007ffb9615afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >13e8.6a4: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >13e8.6a4: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >8b8.12bc: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000 >8b8.12bc: Calling main() >8b8.12bc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 >8b8.12bc: System32: \Device\HarddiskVolume2\Windows\System32 >8b8.12bc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS >8b8.12bc: ProgDir: \Device\HarddiskVolume2\Program Files >8b8.12bc: ComDir: \Device\HarddiskVolume2\Program Files\Common Files >8b8.12bc: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) >8b8.12bc: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files >8b8.12bc: supR3HardenedWinInit: Startup delay kludge #2/0: 125 ms, 8 sleeps >8b8.12bc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION >8b8.12bc: *0000000000000000-ffffffffffdaffff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000250000-000000000023ffff 0x0004/0x0004 0x0040000 >8b8.12bc: 0000000000260000-000000000024ffff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000270000-0000000000260fff 0x0002/0x0002 0x0040000 >8b8.12bc: 000000000027f000-000000000027dfff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000280000-0000000000184fff 0x0000/0x0004 0x0020000 >8b8.12bc: 000000000037b000-0000000000377fff 0x0104/0x0004 0x0020000 >8b8.12bc: 000000000037e000-000000000037bfff 0x0004/0x0004 0x0020000 >8b8.12bc: *0000000000380000-000000000037bfff 0x0002/0x0002 0x0040000 >8b8.12bc: 0000000000384000-0000000000377fff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000390000-000000000038dfff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000392000-0000000000383fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00000000003a0000-0000000000321fff 0x0002/0x0002 0x0040000 >8b8.12bc: 000000000041e000-000000000041bfff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000420000-000000000041dfff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000422000-0000000000409fff 0x0000/0x0004 0x0020000 >8b8.12bc: 000000000043a000-0000000000383fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00000000004f0000-00000000004c1fff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000051e000-000000000044bfff 0x0000/0x0004 0x0020000 >8b8.12bc: *00000000005f0000-00000000005e7fff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000005f8000-0000000000450fff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000079f000-000000000079dfff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000007a0000-ffffffff80f5ffff 0x0001/0x0000 0x0000000 >8b8.12bc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >8b8.12bc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >8b8.12bc: 000000007fff0000-ffff800a3a99ffff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c5640000-00007ff6c563afff 0x0002/0x0002 0x0040000 >8b8.12bc: 00007ff6c5645000-00007ff6c5549fff 0x0000/0x0002 0x0040000 >8b8.12bc: *00007ff6c5740000-00007ff6c571cfff 0x0002/0x0002 0x0040000 >8b8.12bc: 00007ff6c5763000-00007ff6c575bfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c576a000-00007ff6c5768fff 0x0004/0x0004 0x0020000 >8b8.12bc: 00007ff6c576b000-00007ff6c5767fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c576e000-00007ff6c576bfff 0x0004/0x0004 0x0020000 >8b8.12bc: 00007ff6c5770000-00007ff6c50cffff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5e11000-00007ff6c5d91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5e90000-00007ff6c5e8efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5ec8000-00007ff6c5ebefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5f0a000-00007ff1f8853fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb935c0000-00007ffb935befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb935c1000-00007ffb934d3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936ae000-00007ffb936aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936b1000-00007ffb936affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936b2000-00007ffb93694fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936cf000-00007ffb91ebdfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb94ee0000-00007ffb94edefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ee1000-00007ffb94dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff4000-00007ffb94ff2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff5000-00007ffb94ff3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff6000-00007ffb94fd1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb9501a000-00007ffb94013fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb96146000-00007ffb9613cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9614f000-00007ffb96140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >8b8.12bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >8b8.12bc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports >8b8.12bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) >8b8.12bc: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY >8b8.12bc: *0000000000000000-ffffffffffdaffff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000250000-000000000023ffff 0x0004/0x0004 0x0040000 >8b8.12bc: 0000000000260000-000000000024ffff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000270000-0000000000260fff 0x0002/0x0002 0x0040000 >8b8.12bc: 000000000027f000-000000000027dfff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000280000-0000000000186fff 0x0000/0x0004 0x0020000 >8b8.12bc: 0000000000379000-0000000000375fff 0x0104/0x0004 0x0020000 >8b8.12bc: 000000000037c000-0000000000377fff 0x0004/0x0004 0x0020000 >8b8.12bc: *0000000000380000-000000000037bfff 0x0002/0x0002 0x0040000 >8b8.12bc: 0000000000384000-0000000000377fff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000390000-000000000038dfff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000392000-0000000000383fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00000000003a0000-0000000000321fff 0x0002/0x0002 0x0040000 >8b8.12bc: 000000000041e000-000000000041bfff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000420000-000000000041dfff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000422000-0000000000409fff 0x0000/0x0004 0x0020000 >8b8.12bc: 000000000043a000-0000000000383fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00000000004f0000-00000000004b3fff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000052c000-000000000052afff 0x0000/0x0004 0x0020000 >8b8.12bc: 000000000052d000-0000000000504fff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000555000-00000000004b9fff 0x0000/0x0004 0x0020000 >8b8.12bc: *00000000005f0000-00000000005e7fff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000005f8000-0000000000450fff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000079f000-000000000079dfff 0x0000/0x0004 0x0020000 >8b8.12bc: *00000000007a0000-00000000006a3fff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000089c000-0000000000899fff 0x0000/0x0004 0x0020000 >8b8.12bc: 000000000089e000-000000000089cfff 0x0004/0x0004 0x0020000 >8b8.12bc: 000000000089f000-000000000089dfff 0x0000/0x0004 0x0020000 >8b8.12bc: *00000000008a0000-0000000000893fff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000008ac000-0000000000770fff 0x0004/0x0004 0x0020000 >8b8.12bc: 00000000009e7000-00000000009e5fff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000009e8000-00000000009dffff 0x0001/0x0000 0x0000000 >8b8.12bc: *00000000009f0000-00000000009e5fff 0x0000/0x0004 0x0020000 >8b8.12bc: 00000000009fa000-00000000008e9fff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000b0a000-0000000000b08fff 0x0000/0x0004 0x0020000 >8b8.12bc: 0000000000b0b000-0000000000b05fff 0x0001/0x0000 0x0000000 >8b8.12bc: *0000000000b10000-0000000000b03fff 0x0000/0x0004 0x0020000 >8b8.12bc: 0000000000b1c000-0000000000a0bfff 0x0004/0x0004 0x0020000 >8b8.12bc: 0000000000c2c000-0000000000c2afff 0x0000/0x0004 0x0020000 >8b8.12bc: 0000000000c2d000-ffffffff81879fff 0x0001/0x0000 0x0000000 >8b8.12bc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 >8b8.12bc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 >8b8.12bc: 000000007fff0000-ffff800a3a99ffff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c5640000-00007ff6c563afff 0x0002/0x0002 0x0040000 >8b8.12bc: 00007ff6c5645000-00007ff6c5549fff 0x0000/0x0002 0x0040000 >8b8.12bc: *00007ff6c5740000-00007ff6c571cfff 0x0002/0x0002 0x0040000 >8b8.12bc: 00007ff6c5763000-00007ff6c575bfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c576a000-00007ff6c5768fff 0x0004/0x0004 0x0020000 >8b8.12bc: 00007ff6c576b000-00007ff6c5767fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c576e000-00007ff6c576bfff 0x0004/0x0004 0x0020000 >8b8.12bc: 00007ff6c5770000-00007ff6c50cffff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ff6c5e10000-00007ff6c5e0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5e11000-00007ff6c5d90fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5e91000-00007ff6c5e59fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5ec8000-00007ff6c5ebefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5ed1000-00007ff6c5e97fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe >8b8.12bc: 00007ff6c5f0a000-00007ff1f8853fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb935c0000-00007ffb935befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb935c1000-00007ffb934d3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936ae000-00007ffb936aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936b1000-00007ffb936affff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936b2000-00007ffb93694fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll >8b8.12bc: 00007ffb936cf000-00007ffb91ebdfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb94ee0000-00007ffb94edefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ee1000-00007ffb94dcdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff4000-00007ffb94ff2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff5000-00007ffb94ff3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb94ff6000-00007ffb94fd1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: 00007ffb9501a000-00007ffb94023fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb96010000-00007ffb9600efff 0x0004/0x0004 0x0020000 >8b8.12bc: 00007ffb96011000-00007ffb96001fff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffb96020000-00007ffb9601efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb96021000-00007ffb95efbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb96146000-00007ffb9613cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9614f000-00007ffb96140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9615d000-00007ffb9615bfff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb9615e000-00007ffb960f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: 00007ffb961c6000-00007ff72c3abfff 0x0001/0x0000 0x0000000 >8b8.12bc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000 >8b8.12bc: SUPR3HardenedMain: Final process, opening VBoxDrv... >8b8.12bc: supR3HardNtEnableThreadCreation: >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\system32\Wintrust.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008] >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb94ee0000 'C:\Windows\system32\kernel32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\CRYPT32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93250000 'C:\Windows\system32\bcryptprimitives.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\system32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\System32\cryptnet.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F4DBD57735AA8D272712E3B59634C9F87BD4711 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=rpcrt4.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95950000 'C:\Windows\system32\rpcrt4.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_58_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\SystemRoot\System32\ntdll.dll' >8b8.12bc: g_pfnWinVerifyTrust=00007ffb93471040 >8b8.12bc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000370 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A08496AE026B14E832621417F248DDCAECD22079 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000036c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0315578F0B76A9760FEA2715053C51E46A277B04 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-DS-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x987869d3679da00 CN=ClockworkMod >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA >8b8.12bc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root >8b8.12bc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=33 >8b8.12bc: SUPR3HardenedMain: Load Runtime... >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7b660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\system32\Wintrust.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: SUPR3HardenedMain: Load TrustedMain... >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D07100D567670EB6C18EAD4F8F1561AE4F40E0A5 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' >8b8.12bc: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B21317A30D467EC23A2D5AE5A00919E81ECF45 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_34a8918f959016ea\comctl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7054D7E2435C8185055FC10D72A003A1DA9E42A >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=301C08682DA17C67E9303CDB8A53D6714879AAB6 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_458_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E2A9E0BA990B5B324512157B6832A46A7F5FC7E >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DF65C62254C7AE52D40C6878D7F8B35E0367A8 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B6F85C85728A0522988F3BA15B32993C5E6F65A >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=imm32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'imm32.dll' -> 'C:\Windows\system32\imm32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951a0000 'C:\Windows\system32\imm32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb73f20000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' >8b8.12bc: SUPR3HardenedMain: Calling TrustedMain (00007ffb73f21ca0)... >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb889e0000 'C:\Windows\system32\winmm.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4235D21C52BC6FC9D5B6A7B3CE61ED85F804B2B7 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb94ee0000 'C:\Windows\system32\kernel32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 2 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb920f0000 'C:\Windows\system32\uxtheme.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95a90000 'C:\Windows\system32\advapi32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb929b0000 'C:\Windows\system32\userenv.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb94ee0000 'C:\Windows\system32\kernel32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\System32\oleaut32.dll' >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=687F47861CE02066FB64E8228B3C4D091FA20854 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32 *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\system32\OLEAUT32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 2 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95b40000 'C:\Windows\system32\gdi32.dll' >8b8.d5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.d5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.d5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.d5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.d5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust >8b8.d5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.d5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.d5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.d5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll >8b8.d5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb75a00000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' >8b8.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust >8b8.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll >8b8.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll >8b8.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8dfa0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\system32\MSCTF.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\system32\OLEAUT32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a84 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7236FDED02E3449B6CA92FB6E4246EBF9068E8BF >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a9c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8CF4605B4B026F3426876C8B971F3B65D680FCA >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a140000 'C:\Windows\system32\wbem\wbemprox.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAF9F72D1022230646E0EDB101D9050122FBB222 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88ef0000 'C:\Windows\system32\wbem\wbemsvc.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'api-ms-win-core-localization-l1-2-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F29F8F4F858A7AFDF4CD047A78948C26E8333B6 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88f40000 'C:\Windows\system32\wbem\fastprox.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\system32\OLEAUT32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb934c0000 'C:\Windows\system32\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb889e0000 'C:\Windows\SYSTEM32\WINMM.dll' >8b8.1244: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1244: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1244: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1244: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1244: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.1244: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust >8b8.1244: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' >8b8.1244: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1244: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. >8b8.1244: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. >8b8.1244: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust >8b8.1244: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' >8b8.1244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1244: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1244: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1244: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1244: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll >8b8.1244: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79e60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. >8b8.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.544: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. >8b8.544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust >8b8.544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' >8b8.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.544: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.544: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.544: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll >8b8.544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a130000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' >8b8.bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust >8b8.bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll >8b8.bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll >8b8.bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a120000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' >8b8.d50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.d50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.d50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.d50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.d50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. >8b8.d50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.d50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust >8b8.d50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.d50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.d50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.d50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.d50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.d50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll >8b8.d50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a0c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' >8b8.79c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.79c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.79c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.79c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.79c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.79c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.79c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.79c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.79c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. >8b8.79c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.79c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust >8b8.79c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.79c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' >8b8.79c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.79c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.79c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.79c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll >8b8.79c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89be0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79e60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89120000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' >8b8.1134: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d2c pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAD431E57FCC787ED701559E9AF2ACC33D2DCED0 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb73660000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6059B260D211680DF083154CCCE38DE8412914CF >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88c90000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb75a00000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89120000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89b60000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89390000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89100000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. >8b8.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. >8b8.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust >8b8.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' >8b8.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll >8b8.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ab80000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'api-ms-win-core-version-l1-1-0.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e6a0000 'C:\Windows\system32/Iphlpapi.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb4 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E8A5C503120A11AEA21658FF24E56CA6FD0F29 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F1462D922EF889F4B0A9FD14B2DFE30CDCB183D5 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_198_for_KB2962409~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f44 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ADB542ACB56917DACFC9792CAC57CDEED29A58E5 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e160000 'C:\Windows\System32\dsound.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e160000 'C:\Windows\System32\dsound.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90300000 'C:\Windows\System32\MMDevApi.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=MMDEVAPI.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'MMDEVAPI.DLL' -> 'C:\Windows\system32\MMDEVAPI.DLL' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90300000 'C:\Windows\system32\MMDEVAPI.DLL' >8b8.590: supR3HardenedMonitor_LdrLoadDll: pName=AUDIOSES.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.590: supR3HardenedMonitor_LdrLoadDll: 'AUDIOSES.DLL' -> 'C:\Windows\system32\AUDIOSES.DLL' [rcNt=0xc0150008] >8b8.590: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.590: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.590: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.590: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. >8b8.590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'. >8b8.590: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'. >8b8.590: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust >8b8.590: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.590: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' >8b8.590: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.590: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.590: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.590: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.590: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.590: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll >8b8.590: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb82420000 'C:\Windows\system32\AUDIOSES.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'winmm.dll' -> 'C:\Windows\system32\winmm.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb889e0000 'C:\Windows\system32\winmm.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=wdmaud.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'wdmaud.drv' -> 'C:\Windows\system32\wdmaud.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A1CBABB000F9496EAA31F2C938BD998B09CAF0CC >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89410000 'C:\Windows\system32\wdmaud.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=wdmaud.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'wdmaud.drv' -> 'C:\Windows\system32\wdmaud.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89410000 'C:\Windows\system32\wdmaud.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=wdmaud.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'wdmaud.drv' -> 'C:\Windows\system32\wdmaud.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89410000 'C:\Windows\system32\wdmaud.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=wdmaud.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'wdmaud.drv' -> 'C:\Windows\system32\wdmaud.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89410000 'C:\Windows\system32\wdmaud.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=wdmaud.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'wdmaud.drv' -> 'C:\Windows\system32\wdmaud.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89410000 'C:\Windows\system32\wdmaud.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c28 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0FA85EFCB35F052852A205B01E87BA502D7D932 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=msacm32.drv *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'msacm32.drv' -> 'C:\Windows\system32\msacm32.drv' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ea70000 'C:\Windows\system32\msacm32.drv' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=midimap.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'midimap.dll' -> 'C:\Windows\system32\midimap.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c34 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BADF8E473237389086DF46C97735398789C3969 >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-avcore~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll' >8b8.1134: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. >8b8.1134: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. >8b8.1134: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust >8b8.1134: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1134: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1134: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1134: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8df90000 'C:\Windows\system32\midimap.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=midimap.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'midimap.dll' -> 'C:\Windows\system32\midimap.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8df90000 'C:\Windows\system32\midimap.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=midimap.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'midimap.dll' -> 'C:\Windows\system32\midimap.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8df90000 'C:\Windows\system32\midimap.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=midimap.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'midimap.dll' -> 'C:\Windows\system32\midimap.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8df90000 'C:\Windows\system32\midimap.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'winmm.dll' -> 'C:\Windows\system32\winmm.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb889e0000 'C:\Windows\system32\winmm.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=winmm.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedMonitor_LdrLoadDll: 'winmm.dll' -> 'C:\Windows\system32\winmm.dll' [rcNt=0xc0150008] >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb889e0000 'C:\Windows\system32\winmm.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb79e60000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1134: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1134: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll >8b8.1134: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb94ee0000 'C:\Windows\system32/kernel32.dll' >8b8.e50: '\Device\HarddiskVolume2\Windows\System32\tzres.dll' has no imports >8b8.e50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tzres.dll) >8b8.e50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tzres.dll >8b8.e50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\tzres.dll [avoiding WinVerifyTrust] >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001094 pwszName=\Device\HarddiskVolume2\Windows\System32\tzres.dll >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C2912B1AF73A6796732D1488D75007F742A3299 >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Base-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\tzres.dll' >8b8.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.9f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tzres.dll' >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: pName=avrt.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: 'avrt.dll' -> 'C:\Windows\system32\avrt.dll' [rcNt=0xc0150008] >8b8.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll >8b8.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90e10000 'C:\Windows\system32\avrt.dll' >8b8.e50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001058 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C64ACDC3BD0BFFE24C87951473EBAE5CBEDAA02F >8b8.e50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e50: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e50: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.e50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-CoreSystem-Minio-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll' >8b8.e50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.e50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. >8b8.e50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll)WinVerifyTrust >8b8.e50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll >8b8.e50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.e50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.e50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.e50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.e50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.e50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.e50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll >8b8.e50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb92c00000 'C:\Windows\system32\mswsock.dll' >8b8.e50: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-version-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'api-ms-win-core-version-l1-1-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=mscms.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'mscms.dll' -> 'C:\Windows\system32\mscms.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\CRYPT32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=603F84ABA4E8DD75D802CF57F5ABB2D0968221E0 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb878e0000 'C:\Windows\system32\mscms.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=icm32.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'icm32.dll' -> 'C:\Windows\system32\icm32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012b4 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FD7D3BB298BC790CD5163953E8A559775122F0 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81670000 'C:\Windows\system32\icm32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\comdlg32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000000f80000 'C:\Windows\System32\comdlg32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\CRYPT32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e4d0000 'C:\Windows\system32\propsys.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d8 pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5390073B6380AD5C6C8BDA60984E68C77A19C6FF >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2551_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32 *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\explorerframe.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001344 pwszName=\Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C80BD5F3326D4C41D63EBAEBECFF4CD2D9C519D5 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2555_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'duser.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'dui70.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'imm32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dui70.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dui70.dll' -> '\Device\HarddiskVolume2\Windows\System32\dui70.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001370 pwszName=\Device\HarddiskVolume2\Windows\System32\dui70.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5652FFA3A9CEBA1DF5F927755F7152894092AC2E >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2794_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\dui70.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dui70.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dui70.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'duser.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'duser.dll' -> '\Device\HarddiskVolume2\Windows\System32\duser.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000718 pwszName=\Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A511C827ECC2E0F6A846E0A26C923E6422B208EF >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\duser.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\duser.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ExplorerFrame.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dui70.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ntdll.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ntdll.dll' -> 'C:\Windows\system32\ntdll.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb96020000 'C:\Windows\system32\ntdll.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'user32.dll' -> 'C:\Windows\system32\user32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb857f0000 'C:\Windows\system32\explorerframe.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91090000 'C:\Windows\system32\DUser.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'user32.dll' -> 'C:\Windows\system32\user32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=MsftEdit.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'MsftEdit.dll' -> 'C:\Windows\system32\MsftEdit.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001240 pwszName=\Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=040CE24DBD55F27879DBE43D90F8E831BED0C76D >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_151_for_KB2934018~31bf3856ad364e35~amd64~~6.3.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msftedit.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'msimg32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msftedit.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msimg32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f8 pwszName=\Device\HarddiskVolume2\Windows\System32\msimg32.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B4EC80A73343D4FE9DC2F411DC00FF48A966107 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\msimg32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msimg32.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msimg32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7eb40000 'C:\Windows\system32\MsftEdit.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Globalization.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010bc pwszName=\Device\HarddiskVolume2\Windows\System32\Windows.Globalization.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9C8064B78A8BD444C76A12D21E27995D76D18DB >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1726_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\Windows.Globalization.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'combase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcp47langs.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Windows.Globalization.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Windows.Globalization.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcp47langs.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d0 pwszName=\Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A8D0AE267C499FE011B1F3EAF0AF3BBD795CA32 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Windows.Globalization.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7be40000 'C:\Windows\System32\Windows.Globalization.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'bcp47langs.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\globinputhost.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\globinputhost.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001110 pwszName=\Device\HarddiskVolume2\Windows\System32\globinputhost.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F4D7520D8B5B9E43DA50BADB04FB8BF9D07DA1AA >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcp47langs.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\BCP47Langs.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\globinputhost.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\globinputhost.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\System32\msctf.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\system32\msctf.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001254 pwszName=\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BB6CE930E60AA7DCEEF33C348F26E17010A36E3 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_218_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\ink\tiptsf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fc30000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\xmllite.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\StructuredQuery.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007ac pwszName=\Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BF2108CD1229E267C65AAB13C7A384F9CF3BE21C >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2005_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'shcore.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\StructuredQuery.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb83080000 'C:\Windows\System32\StructuredQuery.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-1.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95580000 'api-ms-win-core-com-l1-1-1.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-shcore-comhelpers-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb917d0000 'api-ms-win-shcore-comhelpers-l1-1-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-ntuser-keyboard-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ext-ms-win-ntuser-keyboard-l1-1-0.dll' -> 'C:\Windows\system32\ext-ms-win-ntuser-keyboard-l1-1-0.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001408 pwszName=\Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F332576034DF3876477F3A68E9DA3D828D16DEA >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: '\Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll' has no imports >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ext-ms-win-ntuser-keyboard-l1-1-0.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88b00000 'C:\Windows\system32\ext-ms-win-ntuser-keyboard-l1-1-0.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=PROPSYS.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'PROPSYS.dll' -> 'C:\Windows\system32\PROPSYS.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8e4d0000 'C:\Windows\system32\PROPSYS.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\actxprxy.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume2\Windows\System32\actxprxy.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D6166F90EDD0744E08A1A96E3608701A3EC63958 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_11_for_KB2995004~31bf3856ad364e35~amd64~~6.3.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\actxprxy.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\actxprxy.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\actxprxy.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\actxprxy.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8c1e0000 'C:\Windows\System32\actxprxy.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SearchFolder.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000147c pwszName=\Device\HarddiskVolume2\Windows\System32\thumbcache.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8A71C810C28D08DA8231226ACEB9802D8F7DC0D >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2555_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\thumbcache.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'shcore.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'propsys.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\thumbcache.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\thumbcache.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\thumbcache.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb82fc0000 'C:\Windows\System32\thumbcache.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001418 pwszName=\Device\HarddiskVolume2\Windows\System32\SearchFolder.dll >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000054eb30 >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000054eb30 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C43EA0A2F8C9571E19B1C27D646D05D2A716E4E3 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleacc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001410 pwszName=\Device\HarddiskVolume2\Windows\System32\oleacc.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f79780 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f79780 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09E7155C8658B38B921127B3251B1D38588DF5C8 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleacc.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleacc.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleacc.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8fe60000 'C:\Windows\System32\oleacc.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.DLL' -> 'C:\Windows\system32\OLEAUT32.DLL' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\system32\OLEAUT32.DLL' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_65_for_KB2984006~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\SearchFolder.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shlwapi.dll'. >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'. >8b8.1354: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SearchFolder.dll)WinVerifyTrust >8b8.1354: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.1354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb83120000 'C:\Windows\system32\SearchFolder.dll' >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001250 pwszName=\Device\HarddiskVolume2\Windows\System32\drprov.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f79780 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f79780 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B7FF57E27A2E2A5A2F6C87A3DCF8CC036DCA4D >8b8.e48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) >8b8.e48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008b0 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003873a70 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003873a70 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4C95513642E818E61368D055E77885237B5EC1E >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1722_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\apphelp.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NetworkExplorer.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-termsrv~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\drprov.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winsta.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drprov.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drprov.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winsta.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winsta.dll' -> '\Device\HarddiskVolume2\Windows\System32\winsta.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001488 pwszName=\Device\HarddiskVolume2\Windows\System32\networkexplorer.dll >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003873a70 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003873a70 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BDDE363D1DF574AF02225FC4FC7870FDDB837220 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drprov.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8fee0000 'C:\Windows\System32\drprov.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f4c pwszName=\Device\HarddiskVolume2\Windows\System32\ntlanman.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000038726f0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000038726f0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=199CAF206522DF9D1F687D8C6D2CA0727C290330 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-admin~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntlanman.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntlanman.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntlanman.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntlanman.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a9f0000 'C:\Windows\System32\ntlanman.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001438 pwszName=\Device\HarddiskVolume2\Windows\System32\davclnt.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000038726f0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000038726f0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDCA6B84D4C088718910FF216A86550459F580EB >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\networkexplorer.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'propsys.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'. >8b8.e48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\networkexplorer.dll)WinVerifyTrust >8b8.e48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\networkexplorer.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\networkexplorer.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e7b0000 'C:\Windows\system32\NetworkExplorer.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB2934018~31bf3856ad364e35~amd64~~6.3.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\davclnt.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'davhlpr.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\davclnt.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davclnt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'davhlpr.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'davhlpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\davhlpr.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f3c pwszName=\Device\HarddiskVolume2\Windows\System32\davhlpr.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003873a70 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003873a70 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE55B40183283B4B74AF7ACF2357B9C306D4CFB8 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\davhlpr.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\davhlpr.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\davhlpr.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\davclnt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\davhlpr.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a9d0000 'C:\Windows\System32\davclnt.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drprov.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8fee0000 'C:\Windows\System32\drprov.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntlanman.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a9f0000 'C:\Windows\System32\ntlanman.dll' >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wkscli.dll) >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wkscli.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=cscapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'cscapi.dll' -> 'C:\Windows\system32\cscapi.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a0 pwszName=\Device\HarddiskVolume2\Windows\System32\cscapi.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003873a70 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003873a70 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC020E76102762ACFF5F4B09B050779ED9B6980C >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cscapi.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cscapi.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cscapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscapi.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89eb0000 'C:\Windows\system32\cscapi.dll' >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netutils.dll) >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netutils.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netutils.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\davclnt.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a9d0000 'C:\Windows\System32\davclnt.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\twinapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dlnashext.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c4 pwszName=\Device\HarddiskVolume2\Windows\System32\dlnashext.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003873a70 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003873a70 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000143c pwszName=\Device\HarddiskVolume2\Windows\System32\twinapi.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003871df0 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003871df0 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29CE9F6389E2679C39D22AADE2A04710BE6967A7 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E2BBB7B7FA2A3B847217D6A43C0A62C0EF4ABF0 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_546_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\twinapi.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'combase.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88740000 'C:\Windows\System32\twinapi.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'combase.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\dlnashext.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dlnashext.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dlnashext.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dlnashext.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a1a0000 'C:\Windows\System32\dlnashext.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll' >8b8.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.1354: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\linkinfo.dll) >8b8.1354: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\linkinfo.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001544 pwszName=\Device\HarddiskVolume2\Windows\System32\linkinfo.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003871df0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003871df0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5BDC06712405F7E841E02B1F2B18F040A3C17521 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\urlmon.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\urlmon.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1234: '\Device\HarddiskVolume2\Windows\System32\imageres.dll' has no imports >8b8.1354: '\Device\HarddiskVolume2\Windows\System32\imageres.dll' has no imports >8b8.1234: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imageres.dll) >8b8.1354: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imageres.dll) >8b8.1234: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001638 pwszName=\Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000038f2b40 >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000038f2b40 >8b8.1234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90e40000 'C:\Windows\system32\windowscodecs.dll' >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'shell32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'propsys.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shlwapi.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'sspicli.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ntshrui.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntshrui.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000160c pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001604 pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003601db0 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601db0 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003871eb0 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003871eb0 >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sspicli.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sspicli.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\linkinfo.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\linkinfo.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sspicli.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sspicli.dll' -> '\Device\HarddiskVolume2\Windows\System32\sspicli.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll [lacks WinVerifyTrust] >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78B0845D407961E961D24D3674EF1468FCB52CB3 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78B0845D407961E961D24D3674EF1468FCB52CB3 >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\srvcli.dll) >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\srvcli.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1234: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imageres.dll [avoiding WinVerifyTrust] >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sspicli.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab0 pwszName=\Device\HarddiskVolume2\Windows\System32\ntshrui.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003871df0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003871df0 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\srvcli.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=cscapi.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'cscapi.dll' -> 'C:\Windows\system32\cscapi.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscapi.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89eb0000 'C:\Windows\system32\cscapi.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'msctf.dll' -> 'C:\Windows\system32\msctf.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\system32\msctf.dll' >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'. >8b8.f78: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll) >8b8.f78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\urlmon.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2DA5073A56C223F669808509DD697FD608EF810 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'... >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e48: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\wininet.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'iertutil.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'userenv.dll'. >8b8.e48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wininet.dll) >8b8.e48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wininet.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.e48: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\iertutil.dll'. >8b8.f78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.f78: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll) >8b8.f78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\iertutil.dll >8b8.e48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\iertutil.dll) >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.f78: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wininet.dll [avoiding WinVerifyTrust] >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll [lacks WinVerifyTrust] >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000016a4 pwszName=\Device\HarddiskVolume2\Windows\System32\iertutil.dll >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003601ff0 >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A75C68E8DBA7CE4FA012830239125DDD855F8CDF >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.f78: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000015b8 pwszName=\Device\HarddiskVolume2\Windows\System32\wininet.dll >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F669C1EA58084C171AFCD57B9163DCBD9249E2F4 >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.f78: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000016a0 pwszName=\Device\HarddiskVolume2\Windows\System32\urlmon.dll >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78B0845D407961E961D24D3674EF1468FCB52CB3 >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll' >8b8.f78: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.f78: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\urlmon.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'api-ms-win-downlevel-advapi32-l1-1-0.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008] >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95a90000 'C:\Windows\system32\ADVAPI32.dll' >8b8.f78: supR3HardenedMonitor_LdrLoadDll: pName=user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f78: supR3HardenedMonitor_LdrLoadDll: 'user32.dll' -> 'C:\Windows\system32\user32.dll' [rcNt=0xc0150008] >8b8.f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'. >8b8.e48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll)WinVerifyTrust >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB2977629~31bf3856ad364e35~amd64~~6.3.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\urlmon.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2550_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntshrui.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'iertutil.dll'. >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'wininet.dll'. >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\urlmon.dll)WinVerifyTrust >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'... >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8dac0000 'C:\Windows\System32\urlmon.dll' >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iertutil.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'iertutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\iertutil.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\iertutil.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntshrui.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PlayToDevice.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8dac0000 'C:\Windows\System32\urlmon.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=Secur32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=Secur32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'Secur32.dll' -> 'C:\Windows\system32\Secur32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'Secur32.dll' -> 'C:\Windows\system32\Secur32.dll' [rcNt=0xc0150008] >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=Secur32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: 'Secur32.dll' -> 'C:\Windows\system32\Secur32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imageres.dll [avoiding WinVerifyTrust] >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imageres.dll [avoiding WinVerifyTrust] >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001650 pwszName=\Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000169c pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000016fc pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001658 pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003872e70 >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003872e70 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000dfedb0 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000dfedb0 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f29210 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F36B2FD292403B29FD567D7FABB5A9F3636DF3BB >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F36B2FD292403B29FD567D7FABB5A9F3636DF3BB >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F36B2FD292403B29FD567D7FABB5A9F3636DF3BB >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CED67C33A885005A3400B033A5EF386FDE8A0989 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2243_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'ws2_32.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7ea20000 'C:\Windows\System32\PlayToDevice.dll' >8b8.1110: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-winrt-string-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95580000 'api-ms-win-core-winrt-string-l1-1-0.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=CFGMGR32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'CFGMGR32.dll' -> 'C:\Windows\system32\CFGMGR32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93570000 'C:\Windows\system32\CFGMGR32.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DevDispItemProvider.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000174c pwszName=\Device\HarddiskVolume2\Windows\System32\DevDispItemProvider.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B09F30003FAD6AB8C4670EC958001AB554ABEE4B >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\DevDispItemProvider.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DevDispItemProvider.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DevDispItemProvider.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DevDispItemProvider.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a9b0000 'C:\Windows\System32\DevDispItemProvider.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001790 pwszName=\Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.1234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll)WinVerifyTrust >8b8.e48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89ff0000 'C:\Windows\system32\Secur32.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=sspicli.dll *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'sspicli.dll' -> 'C:\Windows\system32\sspicli.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sspicli.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93220000 'C:\Windows\system32\sspicli.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll)WinVerifyTrust >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-ds~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89ff0000 'C:\Windows\system32\Secur32.dll' >8b8.1234: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1234: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\secur32.dll)WinVerifyTrust >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89ff0000 'C:\Windows\system32\Secur32.dll' >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-CORE-URL-L1-1-0.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-CORE-URL-L1-1-0.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-CORE-URL-L1-1-0.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'API-MS-WIN-CORE-URL-L1-1-0.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'API-MS-WIN-CORE-URL-L1-1-0.DLL' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb935c0000 'API-MS-WIN-CORE-URL-L1-1-0.DLL' >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=SHELL32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: 'SHELL32.dll' -> 'C:\Windows\system32\SHELL32.dll' [rcNt=0xc0150008] >8b8.1234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\SHELL32.dll' >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-downlevel-advapi32-l2-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95c90000 'api-ms-win-downlevel-advapi32-l2-1-0.dll' >8b8.1234: supR3HardenedMonitor_LdrLoadDll: pName=OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1234: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\Windows\system32\OLEAUT32.dll' [rcNt=0xc0150008] >8b8.1234: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.1234: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb954c0000 'C:\Windows\system32\OLEAUT32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B3861140F79DAD2353DB3BD23496AD7924A3672 >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7467EB099B57A749CBEA853CF14DF9A93862B832 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001718 pwszName=\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C111F1DA8BF20C35EDD63783C5A20BD7DD10D4D1 >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Portable-Devices-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wpdshext.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdiplus.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wpdshext.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdiplus.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\imageres.dll' >8b8.1354: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.1354: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imageres.dll' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WindowsCodecs.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90e40000 'C:\Windows\system32\windowscodecs.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001770 pwszName=\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000003601ff0 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003601ff0 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\EhStorShell.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90200000 'C:\Windows\System32\EhStorShell.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorShell.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb90200000 'C:\Windows\System32\EhStorShell.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96535C54C5A5FA398B603F2D41972163C6B6247D >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_656_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\GdiPlus.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\GdiPlus.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll) >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7bb90000 'C:\Windows\system32\wpdshext.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000017c8 pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\ >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96535C54C5A5FA398B603F2D41972163C6B6247D >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_656_for_KB2975719~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PortableDeviceApi.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\) >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000177c pwszName=\Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3972357862B254A60DA87963F4921AEB0A1323F >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll) >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll) >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00\ATL90.dll) >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00\ATL90.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr90.dll' -> '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll [lacks WinVerifyTrust] >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Portable-Devices-Package~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a370000 'C:\Windows\System32\PortableDeviceApi.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00\ATL90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001728 pwszName=\Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=747B848F9E2DAAC9C2838608218F9FE725D70724 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcp90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-drivers~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll' >8b8.67c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.67c: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.67c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.67c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll)WinVerifyTrust >8b8.67c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.67c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.67c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e9a0000 'C:\Windows\System32\EhStorAPI.dll' >8b8.1234: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: '\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\Cul' has no imports >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\Cul)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\Cul >8b8.12f0: '\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\Cul' has no imports >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\Cul) >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb73240000 'C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\1033\GrooveIntlResource.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: '\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\1033\GrooveIntl' has no imports >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\1033\GrooveIntl)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\1033\GrooveIntl >8b8.12f0: '\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\1033\GrooveIntl' has no imports >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\1033\GrooveIntl) >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c5d0000 'C:\PROGRA~1\MICROS~1\Office14\1033\GrooveIntlResource.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'atl90.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Microsoft Office\Office14\)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'atl90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'atl90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcp90.dll' >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr90.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msvcr90.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb894f0000 'C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.12f0: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll) >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll'. >8b8.12f0: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll': rcNt=0xc0000190 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000017d0 pwszName=\Device\HarddiskVolume2\Windows\System32\cscui.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D2FC784920E1F6BF3C4923F486D515E2F9CCA3C >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_191_for_KB2967917~31bf3856ad364e35~amd64~~6.3.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cscui.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'propsys.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'cscdll.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cscui.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cscui.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cscdll.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cscdll.dll' -> '\Device\HarddiskVolume2\Windows\System32\cscdll.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001738 pwszName=\Device\HarddiskVolume2\Windows\System32\cscdll.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C7C19FE4B9E02E438BDDAD0079F101A7B3C792A7 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\cscdll.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cscdll.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cscdll.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscui.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscdll.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb82300000 'C:\Windows\System32\cscui.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscui.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cscui.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb82300000 'C:\Windows\System32\cscui.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Classic Shell\ClassicExplorer64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb89040000 'C:\Windows\System32\cryptnet.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'oleacc.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dwmapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'netapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'advapi32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shell32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shlwapi.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'wininet.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'wintrust.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'crypt32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'comdlg32.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wininet.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wininet.dll' -> '\Device\HarddiskVolume2\Windows\System32\wininet.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wininet.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'netutils.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'srvcli.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wkscli.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleacc.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wkscli.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wkscli.dll' -> '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wkscli.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'srvcli.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'srvcli.dll' -> '\Device\HarddiskVolume2\Windows\System32\srvcli.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\srvcli.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netutils.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netutils.dll' -> '\Device\HarddiskVolume2\Windows\System32\netutils.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netutils.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\Classic Shell\ClassicExplorer64.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mssprxy.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.e48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll) >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll'. >8b8.e48: Error (rc=0): >8b8.e48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll': rcNt=0xc0000190 >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Classic Shell\ClassicExplorer64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\Classic Shell\ClassicExplorer64.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\customs\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000017e0 pwszName=\Device\HarddiskVolume2\Windows\System32\mssprxy.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: Owner is not trusted installer (01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00) >8b8.67c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll) >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll'. >8b8.67c: Error (rc=0): >8b8.67c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll': rcNt=0xc0000190 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll' >8b8.67c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Classic Shell\ClassicExplorer64.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.67c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Classic Shell\ClassicExplorer64.dll >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=53EB47F5A8988B3B2527DFE62F7F802B3B634D23 >8b8.67c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\Program Files\Classic Shell\ClassicExplorer64.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5584_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\mssprxy.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'combase.dll'. >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mssprxy.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mssprxy.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mssprxy.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb901c0000 'C:\Windows\system32\mssprxy.dll' >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\System32\shell32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91090000 'C:\Windows\system32\DUser.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'user32.dll' -> 'C:\Windows\system32\user32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=MsftEdit.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'MsftEdit.dll' -> 'C:\Windows\system32\MsftEdit.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7eb40000 'C:\Windows\system32\MsftEdit.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IconCodecService.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.1354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.1354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7bb90000 'C:\Windows\system32\wpdshext.dll' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.1354: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.1354: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013c8 pwszName=\Device\HarddiskVolume2\Windows\System32\IconCodecService.dll >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93470000 'C:\Windows\System32\WINTRUST.DLL' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\CRYPT32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ECA20F5C4ED6147D2806AA1B124A6E5A5D46965 >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~6.3.9600.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\IconCodecService.dll' >8b8.12bc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. >8b8.12bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IconCodecService.dll)WinVerifyTrust >8b8.12bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IconCodecService.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.12bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.12bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IconCodecService.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fb10000 'C:\Windows\system32\IconCodecService.dll' >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\provsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\provsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'msctf.dll' -> 'C:\Windows\system32\msctf.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\system32\msctf.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001510 pwszName=\Device\HarddiskVolume2\Windows\System32\provsvc.dll >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f29210 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f29210 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf4 pwszName=\Device\HarddiskVolume2\Windows\System32\provsvc.dll >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f2a890 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f2a890 >8b8.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\provsvc.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001374 pwszName=\Device\HarddiskVolume2\Windows\System32\provsvc.dll >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000003871eb0 >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000003871eb0 >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8BB278930A1A6AA61732C3477750BD5672B3404 >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8BB278930A1A6AA61732C3477750BD5672B3404 >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8BB278930A1A6AA61732C3477750BD5672B3404 >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb928a0000 'C:\Windows\system32\rsaenh.dll' >8b8.e48: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.f64: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.e48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=crypt32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.f64: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: 'crypt32.dll' -> 'C:\Windows\system32\crypt32.dll' [rcNt=0xc0150008] >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb936d0000 'C:\Windows\system32\crypt32.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5779_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\provsvc.dll' >8b8.e48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'. >8b8.e48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'shcore.dll'. >8b8.e48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\provsvc.dll)WinVerifyTrust >8b8.e48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\provsvc.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.e48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.e48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\provsvc.dll >8b8.e48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcd0000 'C:\Windows\System32\provsvc.dll' >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5779_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\provsvc.dll' >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5779_for_KB2919355~31bf3856ad364e35~amd64~~6.3.1.14.cat'; file='\Device\HarddiskVolume2\Windows\System32\provsvc.dll' >8b8.f64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'. >8b8.12f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ws2_32.dll'. >8b8.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'shcore.dll'. >8b8.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\provsvc.dll)WinVerifyTrust >8b8.12f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'shcore.dll'. >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... >8b8.12f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\provsvc.dll)WinVerifyTrust >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcd0000 'C:\Windows\System32\provsvc.dll' >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'... >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... >8b8.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' >8b8.f64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll >8b8.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fcd0000 'C:\Windows\System32\provsvc.dll' >8b8.67c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.1354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.e48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imageres.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shcore.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll >8b8.12f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb917d0000 'C:\Windows\system32\shcore.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' [rcNt=0x0] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\duser.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91090000 'C:\Windows\system32\DUser.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=user32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'user32.dll' -> 'C:\Windows\system32\user32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95020000 'C:\Windows\system32\user32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=MsftEdit.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'MsftEdit.dll' -> 'C:\Windows\system32\MsftEdit.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msftedit.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msimg32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7eb40000 'C:\Windows\system32\MsftEdit.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=ole32.dll *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\Windows\system32\ole32.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb957d0000 'C:\Windows\system32\ole32.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.1184: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SearchFolder.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.1184: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll >8b8.1184: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SearchFolder.dll >8b8.1184: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb83120000 'C:\Windows\system32\SearchFolder.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\xmllite.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8ec90000 'C:\Windows\system32\xmllite.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PlayToDevice.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PlayToDevice.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e300000 'C:\Windows\System32\PlayToDevice.dll' >8b8.7c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-winrt-string-l1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.7c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95580000 'api-ms-win-core-winrt-string-l1-1-0.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=CFGMGR32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: 'CFGMGR32.dll' -> 'C:\Windows\system32\CFGMGR32.dll' [rcNt=0xc0150008] >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb93570000 'C:\Windows\system32\CFGMGR32.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wpdshext.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17227_none_932c0e57474f5080\GdiPlus.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7bb90000 'C:\Windows\system32\wpdshext.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=Comctl32.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: 'Comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' [rcNt=0x0] >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\comctl32.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb91140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1\Comctl32.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PortableDeviceApi.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PortableDeviceApi.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb8a370000 'C:\Windows\System32\PortableDeviceApi.dll' >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\EhStorAPI.dll >8b8.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll >8b8.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7e9a0000 'C:\Windows\System32\EhStorAPI.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=msctf.dll *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: 'msctf.dll' -> 'C:\Windows\system32\msctf.dll' [rcNt=0xc0150008] >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb951e0000 'C:\Windows\system32\msctf.dll' >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHELL32.dll *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> >8b8.12bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll >8b8.12bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb938b0000 'C:\Windows\system32\SHELL32.dll' >8b8.12bc: Terminating the normal way: rcExit=0 >13e8.6a4: supR3HardenedWinDoReSpawn(2): Quitting: ExitCode=0x0 rcNt=0x0 >c7c.1370: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0x0 rcNt=0x0
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=941570">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1146971
:
941567
|
941568
|
941569
| 941570 |
941571
|
941576