VirtualBox

Ticket #17761: VBoxHardening.log

File VBoxHardening.log, 386.7 KB (added by Leviathan, 6 years ago)

Another log. I am not sure if this one is neccessary

Line 
11158.2bcc: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
21158.2bcc: \SystemRoot\System32\ntdll.dll:
31158.2bcc: CreationTime: 2018-05-12T15:55:16.869061300Z
41158.2bcc: LastWriteTime: 2018-04-15T21:49:20.567835100Z
51158.2bcc: ChangeTime: 2018-05-12T22:01:25.127612500Z
61158.2bcc: FileAttributes: 0x20
71158.2bcc: Size: 0x1dd108
81158.2bcc: NT Headers: 0xe0
91158.2bcc: Timestamp: 0xd826f10d
101158.2bcc: Machine: 0x8664 - amd64
111158.2bcc: Timestamp: 0xd826f10d
121158.2bcc: Image Version: 10.0
131158.2bcc: SizeOfImage: 0x1e0000 (1966080)
141158.2bcc: Resource Dir: 0x174000 LB 0x6a1d8
151158.2bcc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161158.2bcc: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
171158.2bcc: ProductName: Microsoft® Windows® Operating System
181158.2bcc: ProductVersion: 10.0.16299.402
191158.2bcc: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
201158.2bcc: FileDescription: NT Layer DLL
211158.2bcc: \SystemRoot\System32\kernel32.dll:
221158.2bcc: CreationTime: 2018-05-12T15:52:09.711235800Z
231158.2bcc: LastWriteTime: 2018-05-03T07:43:30.892187700Z
241158.2bcc: ChangeTime: 2018-05-12T22:01:16.470159100Z
251158.2bcc: FileAttributes: 0x20
261158.2bcc: Size: 0xab868
271158.2bcc: NT Headers: 0xe8
281158.2bcc: Timestamp: 0x309fae94
291158.2bcc: Machine: 0x8664 - amd64
301158.2bcc: Timestamp: 0x309fae94
311158.2bcc: Image Version: 10.0
321158.2bcc: SizeOfImage: 0xae000 (712704)
331158.2bcc: Resource Dir: 0xac000 LB 0x520
341158.2bcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351158.2bcc: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
361158.2bcc: ProductName: Microsoft® Windows® Operating System
371158.2bcc: ProductVersion: 10.0.16299.431
381158.2bcc: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
391158.2bcc: FileDescription: Windows NT BASE API Client DLL
401158.2bcc: \SystemRoot\System32\KernelBase.dll:
411158.2bcc: CreationTime: 2018-05-12T15:54:58.795535300Z
421158.2bcc: LastWriteTime: 2018-04-15T21:51:08.343639800Z
431158.2bcc: ChangeTime: 2018-05-12T22:01:23.722066200Z
441158.2bcc: FileAttributes: 0x20
451158.2bcc: Size: 0x265c00
461158.2bcc: NT Headers: 0xf0
471158.2bcc: Timestamp: 0xde35406a
481158.2bcc: Machine: 0x8664 - amd64
491158.2bcc: Timestamp: 0xde35406a
501158.2bcc: Image Version: 10.0
511158.2bcc: SizeOfImage: 0x266000 (2514944)
521158.2bcc: Resource Dir: 0x245000 LB 0x548
531158.2bcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541158.2bcc: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
551158.2bcc: ProductName: Microsoft® Windows® Operating System
561158.2bcc: ProductVersion: 10.0.16299.402
571158.2bcc: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
581158.2bcc: FileDescription: Windows NT BASE API Client DLL
591158.2bcc: \SystemRoot\System32\apisetschema.dll:
601158.2bcc: CreationTime: 2017-09-29T13:42:07.095026600Z
611158.2bcc: LastWriteTime: 2017-09-29T13:42:07.095026600Z
621158.2bcc: ChangeTime: 2018-05-12T16:19:54.262649500Z
631158.2bcc: FileAttributes: 0x20
641158.2bcc: Size: 0x1b398
651158.2bcc: NT Headers: 0xc8
661158.2bcc: Timestamp: 0xf30abf31
671158.2bcc: Machine: 0x8664 - amd64
681158.2bcc: Timestamp: 0xf30abf31
691158.2bcc: Image Version: 10.0
701158.2bcc: SizeOfImage: 0x1c000 (114688)
711158.2bcc: Resource Dir: 0x1b000 LB 0x408
721158.2bcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731158.2bcc: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
741158.2bcc: ProductName: Microsoft® Windows® Operating System
751158.2bcc: ProductVersion: 10.0.16299.15
761158.2bcc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
771158.2bcc: FileDescription: ApiSet Schema DLL
781158.2bcc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
791158.2bcc: supR3HardenedWinFindAdversaries: 0x0
801158.2bcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
811158.2bcc: Calling main()
821158.2bcc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
831158.2bcc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
841158.2bcc: SUPR3HardenedMain: Respawn #1
851158.2bcc: System32: \Device\HarddiskVolume3\Windows\System32
861158.2bcc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
871158.2bcc: KnownDllPath: C:\WINDOWS\System32
881158.2bcc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
891158.2bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
901158.2bcc: supR3HardNtEnableThreadCreation:
911158.2bcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
921158.2bcc: supR3HardenedWinDoReSpawn(1): New child 1a70.1930 [kernel32].
931158.2bcc: supR3HardNtChildGatherData: PebBaseAddress=000000000070d000 cbPeb=0x388
941158.2bcc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffaeaf40000 uNtDllChildAddr=00007ffaeaf40000
951158.2bcc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffaeafb9280
961158.2bcc: supR3HardenedWinSetupChildInit: Start child.
971158.2bcc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
981158.2bcc: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
991158.2bcc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1001158.2bcc: *0000000000000000-000000000042ffff 0x0001/0x0000 0x0000000
1011158.2bcc: *0000000000430000-000000000044ffff 0x0004/0x0004 0x0020000
1021158.2bcc: *0000000000450000-0000000000468fff 0x0002/0x0002 0x0040000
1031158.2bcc: 0000000000469000-000000000046ffff 0x0001/0x0000 0x0000000
1041158.2bcc: *0000000000470000-000000000056afff 0x0000/0x0004 0x0020000
1051158.2bcc: 000000000056b000-000000000056dfff 0x0104/0x0004 0x0020000
1061158.2bcc: 000000000056e000-000000000056ffff 0x0004/0x0004 0x0020000
1071158.2bcc: *0000000000570000-0000000000573fff 0x0002/0x0002 0x0040000
1081158.2bcc: 0000000000574000-000000000057ffff 0x0001/0x0000 0x0000000
1091158.2bcc: *0000000000580000-0000000000580fff 0x0004/0x0004 0x0020000
1101158.2bcc: 0000000000581000-00000000005fffff 0x0001/0x0000 0x0000000
1111158.2bcc: *0000000000600000-000000000070cfff 0x0000/0x0004 0x0020000
1121158.2bcc: 000000000070d000-000000000070ffff 0x0004/0x0004 0x0020000
1131158.2bcc: 0000000000710000-00000000007fffff 0x0000/0x0004 0x0020000
1141158.2bcc: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
1151158.2bcc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1161158.2bcc: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1171158.2bcc: 000000007fff0000-00007ff74ae6ffff 0x0001/0x0000 0x0000000
1181158.2bcc: *00007ff74ae70000-00007ff74ae92fff 0x0002/0x0002 0x0040000
1191158.2bcc: 00007ff74ae93000-00007ff74b69ffff 0x0001/0x0000 0x0000000
1201158.2bcc: *00007ff74b6a0000-00007ff74b6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211158.2bcc: 00007ff74b6a1000-00007ff74b711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221158.2bcc: 00007ff74b712000-00007ff74b712fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231158.2bcc: 00007ff74b713000-00007ff74b758fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1241158.2bcc: 00007ff74b759000-00007ff74b759fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1251158.2bcc: 00007ff74b75a000-00007ff74b75afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1261158.2bcc: 00007ff74b75b000-00007ff74b75ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1271158.2bcc: 00007ff74b760000-00007ff74b760fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1281158.2bcc: 00007ff74b761000-00007ff74b761fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1291158.2bcc: 00007ff74b762000-00007ff74b765fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1301158.2bcc: 00007ff74b766000-00007ff74b7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1311158.2bcc: 00007ff74b7ae000-00007ffaeaf3ffff 0x0001/0x0000 0x0000000
1321158.2bcc: *00007ffaeaf40000-00007ffaeaf40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1331158.2bcc: 00007ffaeaf41000-00007ffaeb052fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1341158.2bcc: 00007ffaeb053000-00007ffaeb098fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1351158.2bcc: 00007ffaeb099000-00007ffaeb0a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1361158.2bcc: 00007ffaeb0a1000-00007ffaeb0aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1371158.2bcc: 00007ffaeb0af000-00007ffaeb0affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1381158.2bcc: 00007ffaeb0b0000-00007ffaeb0b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1391158.2bcc: 00007ffaeb0b3000-00007ffaeb11ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1401158.2bcc: 00007ffaeb120000-00007ffffffdffff 0x0001/0x0000 0x0000000
1411158.2bcc: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
1421158.2bcc: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
1431158.2bcc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1441158.2bcc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1451158.2bcc: supR3HardNtChildPurify: Done after 413 ms and 0 fixes (loop #0).
1461a70.1930: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
1471a70.1930: supR3HardenedVmProcessInit: uNtDllAddr=00007ffaeaf40000 g_uNtVerCombined=0xa03fab00
1481158.2bcc: supR3HardNtEnableThreadCreation:
1491a70.1930: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
1501a70.1930: New simple heap: #1 0000000000900000 LB 0x400000 (for 1966080 allocation)
1511a70.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1521a70.1930: System32: \Device\HarddiskVolume3\Windows\System32
1531a70.1930: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1541a70.1930: KnownDllPath: C:\WINDOWS\System32
1551a70.1930: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1561a70.1930: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1571a70.1930: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1581a70.1930: Registered Dll notification callback with NTDLL.
1591a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1601a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1611a70.1930: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1621a70.1930: supR3HardenedDllNotificationCallback: load 00007ffae7ce0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
1631a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1641a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1651a70.1930: supR3HardenedDllNotificationCallback: load 00007ffaea390000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
1661a70.1930: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1671a70.1930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\KERNEL32.DLL'
1681a70.1930: supR3HardenedDllNotificationCallback: load 00007ff74b6a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1691a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1701a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1711a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1721a70.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
1731158.2bcc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 397 ms.
1741a70.1930: \SystemRoot\System32\ntdll.dll:
1751a70.1930: CreationTime: 2018-05-12T15:55:16.869061300Z
1761a70.1930: LastWriteTime: 2018-04-15T21:49:20.567835100Z
1771a70.1930: ChangeTime: 2018-05-12T22:01:25.127612500Z
1781a70.1930: FileAttributes: 0x20
1791a70.1930: Size: 0x1dd108
1801a70.1930: NT Headers: 0xe0
1811a70.1930: Timestamp: 0xd826f10d
1821a70.1930: Machine: 0x8664 - amd64
1831a70.1930: Timestamp: 0xd826f10d
1841a70.1930: Image Version: 10.0
1851a70.1930: SizeOfImage: 0x1e0000 (1966080)
1861a70.1930: Resource Dir: 0x174000 LB 0x6a1d8
1871a70.1930: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1881a70.1930: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1891a70.1930: ProductName: Microsoft® Windows® Operating System
1901a70.1930: ProductVersion: 10.0.16299.402
1911a70.1930: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
1921a70.1930: FileDescription: NT Layer DLL
1931a70.1930: \SystemRoot\System32\kernel32.dll:
1941a70.1930: CreationTime: 2018-05-12T15:52:09.711235800Z
1951a70.1930: LastWriteTime: 2018-05-03T07:43:30.892187700Z
1961a70.1930: ChangeTime: 2018-05-12T22:01:16.470159100Z
1971a70.1930: FileAttributes: 0x20
1981a70.1930: Size: 0xab868
1991a70.1930: NT Headers: 0xe8
2001a70.1930: Timestamp: 0x309fae94
2011a70.1930: Machine: 0x8664 - amd64
2021a70.1930: Timestamp: 0x309fae94
2031a70.1930: Image Version: 10.0
2041a70.1930: SizeOfImage: 0xae000 (712704)
2051a70.1930: Resource Dir: 0xac000 LB 0x520
2061a70.1930: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2071a70.1930: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2081a70.1930: ProductName: Microsoft® Windows® Operating System
2091a70.1930: ProductVersion: 10.0.16299.431
2101a70.1930: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
2111a70.1930: FileDescription: Windows NT BASE API Client DLL
2121a70.1930: \SystemRoot\System32\KernelBase.dll:
2131a70.1930: CreationTime: 2018-05-12T15:54:58.795535300Z
2141a70.1930: LastWriteTime: 2018-04-15T21:51:08.343639800Z
2151a70.1930: ChangeTime: 2018-05-12T22:01:23.722066200Z
2161a70.1930: FileAttributes: 0x20
2171a70.1930: Size: 0x265c00
2181a70.1930: NT Headers: 0xf0
2191a70.1930: Timestamp: 0xde35406a
2201a70.1930: Machine: 0x8664 - amd64
2211a70.1930: Timestamp: 0xde35406a
2221a70.1930: Image Version: 10.0
2231a70.1930: SizeOfImage: 0x266000 (2514944)
2241a70.1930: Resource Dir: 0x245000 LB 0x548
2251a70.1930: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2261a70.1930: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2271a70.1930: ProductName: Microsoft® Windows® Operating System
2281a70.1930: ProductVersion: 10.0.16299.402
2291a70.1930: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
2301a70.1930: FileDescription: Windows NT BASE API Client DLL
2311a70.1930: \SystemRoot\System32\apisetschema.dll:
2321a70.1930: CreationTime: 2017-09-29T13:42:07.095026600Z
2331a70.1930: LastWriteTime: 2017-09-29T13:42:07.095026600Z
2341a70.1930: ChangeTime: 2018-05-12T16:19:54.262649500Z
2351a70.1930: FileAttributes: 0x20
2361a70.1930: Size: 0x1b398
2371a70.1930: NT Headers: 0xc8
2381a70.1930: Timestamp: 0xf30abf31
2391a70.1930: Machine: 0x8664 - amd64
2401a70.1930: Timestamp: 0xf30abf31
2411a70.1930: Image Version: 10.0
2421a70.1930: SizeOfImage: 0x1c000 (114688)
2431a70.1930: Resource Dir: 0x1b000 LB 0x408
2441a70.1930: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2451a70.1930: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2461a70.1930: ProductName: Microsoft® Windows® Operating System
2471a70.1930: ProductVersion: 10.0.16299.15
2481a70.1930: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2491a70.1930: FileDescription: ApiSet Schema DLL
2501a70.1930: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2511a70.1930: supR3HardenedWinFindAdversaries: 0x0
2521a70.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2531a70.1930: Calling main()
2541a70.1930: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2551a70.1930: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2561a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2571a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2581a70.1930: SUPR3HardenedMain: Respawn #2
2591a70.1930: supR3HardNtEnableThreadCreation:
2601a70.1930: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2611a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
2621a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2631a70.1930: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2641a70.1930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
2651a70.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
2661a70.1930: supR3HardenedWinDoReSpawn(2): New child 2f44.2ad4 [kernel32].
2671a70.1930: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2681a70.1930: supR3HardNtChildGatherData: PebBaseAddress=0000000000298000 cbPeb=0x388
2691a70.1930: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffaeaf40000 uNtDllChildAddr=00007ffaeaf40000
2701a70.1930: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffaeafb9280
2711a70.1930: supR3HardenedWinSetupChildInit: Start child.
2721a70.1930: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2731a70.1930: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps
2741a70.1930: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2751a70.1930: *0000000000000000-000000000003ffff 0x0001/0x0000 0x0000000
2761a70.1930: *0000000000040000-000000000005ffff 0x0004/0x0004 0x0020000
2771a70.1930: *0000000000060000-0000000000078fff 0x0002/0x0002 0x0040000
2781a70.1930: 0000000000079000-000000000007ffff 0x0001/0x0000 0x0000000
2791a70.1930: *0000000000080000-000000000017afff 0x0000/0x0004 0x0020000
2801a70.1930: 000000000017b000-000000000017dfff 0x0104/0x0004 0x0020000
2811a70.1930: 000000000017e000-000000000017ffff 0x0004/0x0004 0x0020000
2821a70.1930: *0000000000180000-0000000000183fff 0x0002/0x0002 0x0040000
2831a70.1930: 0000000000184000-000000000018ffff 0x0001/0x0000 0x0000000
2841a70.1930: *0000000000190000-0000000000190fff 0x0004/0x0004 0x0020000
2851a70.1930: 0000000000191000-00000000001fffff 0x0001/0x0000 0x0000000
2861a70.1930: *0000000000200000-0000000000297fff 0x0000/0x0004 0x0020000
2871a70.1930: 0000000000298000-000000000029afff 0x0004/0x0004 0x0020000
2881a70.1930: 000000000029b000-00000000003fffff 0x0000/0x0004 0x0020000
2891a70.1930: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
2901a70.1930: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2911a70.1930: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2921a70.1930: 000000007fff0000-00007ff74a90ffff 0x0001/0x0000 0x0000000
2931a70.1930: *00007ff74a910000-00007ff74a932fff 0x0002/0x0002 0x0040000
2941a70.1930: 00007ff74a933000-00007ff74b69ffff 0x0001/0x0000 0x0000000
2951a70.1930: *00007ff74b6a0000-00007ff74b6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2961a70.1930: 00007ff74b6a1000-00007ff74b711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2971a70.1930: 00007ff74b712000-00007ff74b712fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2981a70.1930: 00007ff74b713000-00007ff74b758fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2991a70.1930: 00007ff74b759000-00007ff74b759fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3001a70.1930: 00007ff74b75a000-00007ff74b75afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3011a70.1930: 00007ff74b75b000-00007ff74b75ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3021a70.1930: 00007ff74b760000-00007ff74b760fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3031a70.1930: 00007ff74b761000-00007ff74b761fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3041a70.1930: 00007ff74b762000-00007ff74b765fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3051a70.1930: 00007ff74b766000-00007ff74b7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3061a70.1930: 00007ff74b7ae000-00007ffaeaf3ffff 0x0001/0x0000 0x0000000
3071a70.1930: *00007ffaeaf40000-00007ffaeaf40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3081a70.1930: 00007ffaeaf41000-00007ffaeb052fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3091a70.1930: 00007ffaeb053000-00007ffaeb098fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3101a70.1930: 00007ffaeb099000-00007ffaeb0a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3111a70.1930: 00007ffaeb0a1000-00007ffaeb0aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3121a70.1930: 00007ffaeb0af000-00007ffaeb0affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3131a70.1930: 00007ffaeb0b0000-00007ffaeb0b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3141a70.1930: 00007ffaeb0b3000-00007ffaeb11ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3151a70.1930: 00007ffaeb120000-00007ffffffdffff 0x0001/0x0000 0x0000000
3161a70.1930: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
3171a70.1930: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
3181a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3191a70.1930: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3201a70.1930: supR3HardNtChildPurify: Done after 417 ms and 0 fixes (loop #0).
3211a70.1930: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
3222f44.2ad4: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
3232f44.2ad4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffaeaf40000 g_uNtVerCombined=0xa03fab00
3241a70.1930: supR3HardNtEnableThreadCreation:
3252f44.2ad4: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
3262f44.2ad4: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
3272f44.2ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
3282f44.2ad4: System32: \Device\HarddiskVolume3\Windows\System32
3292f44.2ad4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
3302f44.2ad4: KnownDllPath: C:\WINDOWS\System32
3312f44.2ad4: supR3HardenedVmProcessInit: Opening vboxdrv...
3322f44.2ad4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3332f44.2ad4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3342f44.2ad4: Registered Dll notification callback with NTDLL.
3352f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
3362f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
3372f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3382f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7ce0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3392f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
3402f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
3412f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea390000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3422f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3432f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\KERNEL32.DLL'
3442f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ff74b6a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3452f44.2ad4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3462f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3472f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3482f44.2ad4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
3491a70.1930: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 438 ms.
3502f44.2ad4: \SystemRoot\System32\ntdll.dll:
3512f44.2ad4: CreationTime: 2018-05-12T15:55:16.869061300Z
3522f44.2ad4: LastWriteTime: 2018-04-15T21:49:20.567835100Z
3532f44.2ad4: ChangeTime: 2018-05-12T22:01:25.127612500Z
3542f44.2ad4: FileAttributes: 0x20
3552f44.2ad4: Size: 0x1dd108
3562f44.2ad4: NT Headers: 0xe0
3572f44.2ad4: Timestamp: 0xd826f10d
3582f44.2ad4: Machine: 0x8664 - amd64
3592f44.2ad4: Timestamp: 0xd826f10d
3602f44.2ad4: Image Version: 10.0
3612f44.2ad4: SizeOfImage: 0x1e0000 (1966080)
3622f44.2ad4: Resource Dir: 0x174000 LB 0x6a1d8
3632f44.2ad4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3642f44.2ad4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3652f44.2ad4: ProductName: Microsoft® Windows® Operating System
3662f44.2ad4: ProductVersion: 10.0.16299.402
3672f44.2ad4: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
3682f44.2ad4: FileDescription: NT Layer DLL
3692f44.2ad4: \SystemRoot\System32\kernel32.dll:
3702f44.2ad4: CreationTime: 2018-05-12T15:52:09.711235800Z
3712f44.2ad4: LastWriteTime: 2018-05-03T07:43:30.892187700Z
3722f44.2ad4: ChangeTime: 2018-05-12T22:01:16.470159100Z
3732f44.2ad4: FileAttributes: 0x20
3742f44.2ad4: Size: 0xab868
3752f44.2ad4: NT Headers: 0xe8
3762f44.2ad4: Timestamp: 0x309fae94
3772f44.2ad4: Machine: 0x8664 - amd64
3782f44.2ad4: Timestamp: 0x309fae94
3792f44.2ad4: Image Version: 10.0
3802f44.2ad4: SizeOfImage: 0xae000 (712704)
3812f44.2ad4: Resource Dir: 0xac000 LB 0x520
3822f44.2ad4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3832f44.2ad4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3842f44.2ad4: ProductName: Microsoft® Windows® Operating System
3852f44.2ad4: ProductVersion: 10.0.16299.431
3862f44.2ad4: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
3872f44.2ad4: FileDescription: Windows NT BASE API Client DLL
3882f44.2ad4: \SystemRoot\System32\KernelBase.dll:
3892f44.2ad4: CreationTime: 2018-05-12T15:54:58.795535300Z
3902f44.2ad4: LastWriteTime: 2018-04-15T21:51:08.343639800Z
3912f44.2ad4: ChangeTime: 2018-05-12T22:01:23.722066200Z
3922f44.2ad4: FileAttributes: 0x20
3932f44.2ad4: Size: 0x265c00
3942f44.2ad4: NT Headers: 0xf0
3952f44.2ad4: Timestamp: 0xde35406a
3962f44.2ad4: Machine: 0x8664 - amd64
3972f44.2ad4: Timestamp: 0xde35406a
3982f44.2ad4: Image Version: 10.0
3992f44.2ad4: SizeOfImage: 0x266000 (2514944)
4002f44.2ad4: Resource Dir: 0x245000 LB 0x548
4012f44.2ad4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4022f44.2ad4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
4032f44.2ad4: ProductName: Microsoft® Windows® Operating System
4042f44.2ad4: ProductVersion: 10.0.16299.402
4052f44.2ad4: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
4062f44.2ad4: FileDescription: Windows NT BASE API Client DLL
4072f44.2ad4: \SystemRoot\System32\apisetschema.dll:
4082f44.2ad4: CreationTime: 2017-09-29T13:42:07.095026600Z
4092f44.2ad4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
4102f44.2ad4: ChangeTime: 2018-05-12T16:19:54.262649500Z
4112f44.2ad4: FileAttributes: 0x20
4122f44.2ad4: Size: 0x1b398
4132f44.2ad4: NT Headers: 0xc8
4142f44.2ad4: Timestamp: 0xf30abf31
4152f44.2ad4: Machine: 0x8664 - amd64
4162f44.2ad4: Timestamp: 0xf30abf31
4172f44.2ad4: Image Version: 10.0
4182f44.2ad4: SizeOfImage: 0x1c000 (114688)
4192f44.2ad4: Resource Dir: 0x1b000 LB 0x408
4202f44.2ad4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4212f44.2ad4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
4222f44.2ad4: ProductName: Microsoft® Windows® Operating System
4232f44.2ad4: ProductVersion: 10.0.16299.15
4242f44.2ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
4252f44.2ad4: FileDescription: ApiSet Schema DLL
4262f44.2ad4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4272f44.2ad4: supR3HardenedWinFindAdversaries: 0x0
4282f44.2ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4292f44.2ad4: Calling main()
4302f44.2ad4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4312f44.2ad4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
4322f44.2ad4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4332f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4342f44.2ad4: SUPR3HardenedMain: Final process, opening VBoxDrv...
4352f44.2ad4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
4362f44.2ad4: supR3HardNtEnableThreadCreation:
4372f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4382f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4402f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4412f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae3ce0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4422f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4432f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4452f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4462f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4472f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4482f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4492f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4502f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4512f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4522f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4532f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
4542f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
4552f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
4562f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4582f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
4592f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
4602f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
4612f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
4622f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4632f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4642f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
4652f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
4662f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
4672f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4682f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4692f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
4702f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
4712f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
4722f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
4732f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4742f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4752f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
4762f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
4772f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
4782f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
4792f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4802f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4812f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4822f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4832f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8410000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
4842f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4852f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae72b0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
4862f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4872f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7420000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
4882f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
4892f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
4902f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
4912f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
4922f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8240000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
4932f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4942f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea930000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
4952f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4962f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8ac0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
4972f44.2ad4: \Device\HarddiskVolume3\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
4982f44.2ad4: \Device\HarddiskVolume3\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
4992f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
5002f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
5012f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
5022f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea6e0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
5032f44.2ad4: \Device\HarddiskVolume3\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
5042f44.2ad4: \Device\HarddiskVolume3\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
5052f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5062f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
5072f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
5082f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
5092f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
5102f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7340000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
5112f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5122f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5132f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5142f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-synch-l1-2-0'
5152f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5172f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-fibers-l1-1-1'
5182f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
5192f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5202f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-fibers-l1-1-1'
5212f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
5222f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5232f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-synch-l1-2-0'
5242f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
5252f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5262f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-l1-2-1'
5272f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\WINDOWS\system32\Wintrust.dll'
5282f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
5292f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
5302f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
5312f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
5322f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5332f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5342f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5352f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
5362f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
5372f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5382f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5392f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5402f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5412f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5422f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5432f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5452f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5462f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6d90000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
5472f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5482f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae6d90000 'C:\WINDOWS\system32\bcrypt.dll'
5492f44.2ad4: bcrypt.dll loaded at 00007ffae6d90000, BCryptOpenAlgorithmProvider at 00007ffae6d92590, preloading providers:
5502f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
5512f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
5522f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
5532f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
5542f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5552f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae73a0000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
5562f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae73a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
5582f44.2ad4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002aa53b0)
5592f44.2ad4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002aaf9b0)
5602f44.2ad4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002aafc80)
5612f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002aaff50)
5622f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002ab0220)
5632f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002ab04f0)
5642f44.2ad4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002ab07c0)
5652f44.2ad4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002ab0a90)
5662f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5692f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5702f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5712f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5722f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5732f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5742f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5752f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5762f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5772f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5782f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5792f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5802f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5812f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5822f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5832f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5842f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5852f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
5862f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
5872f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
5882f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
5892f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
5902f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
5912f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6c90000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5922f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5932f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
5942f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
5952f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
5962f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
5972f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
5982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6002f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6012f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6022f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6032f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae66c0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
6042f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6052f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
6062f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
6072f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
6082f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
6092f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
6102f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
6112f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6c80000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6122f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6132f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6142f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6152f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6162f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6172f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6182f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
6192f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6202f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
6212f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6222f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6232f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\CRYPT32.dll'
6242f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae85c0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
6252f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
6262f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
6272f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
6282f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
6292f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6302f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6312f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
6322f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
6332f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
6342f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6352f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6362f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
6372f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
6382f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5fb0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
6392f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6402f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7290000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
6412f44.2ad4: \Device\HarddiskVolume3\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
6422f44.2ad4: \Device\HarddiskVolume3\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
6432f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
6442f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
6452f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
6462f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
6472f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6482f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6492f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
6502f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
6512f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6522f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6532f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6542f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6552f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6562f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6582f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6592f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6602f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6612f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6622f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6642f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6652f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac9590000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
6662f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6672f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6702f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6712f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6722f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6732f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6742f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6762f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6772f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6782f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6792f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6802f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6812f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6822f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6832f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6842f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6852f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6862f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6872f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6882f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6892f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6902f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6912f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6922f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6932f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6942f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6952f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
6962f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6972f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\Windows\System32\cryptnet.dll'
6982f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6992f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7002f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7012f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7022f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7032f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7042f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
7052f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002abecc0
7062f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
7072f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3AA809FAB5503D5FF9AD3FF567064FBB4406C07
7082f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7092f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7102f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea930000 'C:\WINDOWS\System32\rpcrt4.dll'
7112f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7122f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7132f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7142f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7152f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7172f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7182f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7192f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7202f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7212f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7222f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7232f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7242f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7252f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
7262f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7272f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7282f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7292f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7302f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7312f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7322f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1189_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\SystemRoot\System32\ntdll.dll'
7332f44.2ad4: g_pfnWinVerifyTrust=00007ffae7346bc0
7342f44.2ad4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
7352f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7362f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7372f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7382f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7402f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7412f44.2ad4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
7422f44.2ad4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
7432f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7452f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7462f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7472f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7482f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7492f44.2ad4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
7502f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
7512f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
7522f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
7532f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
7542f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7552f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7562f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7582f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
7592f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
7602f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
7612f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7642f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
7652f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7662f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7682f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
7692f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7702f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7712f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7722f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
7732f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7742f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7762f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
7772f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7782f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7792f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7802f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
7812f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7822f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7832f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
7842f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7852f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7862f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7872f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7882f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
7892f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
7902f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
7912f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7922f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7932f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
7942f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7952f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7962f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
7972f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
7982f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
7992f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
8002f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8012f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8022f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
8032f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8042f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8052f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
8062f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8072f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8082f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
8092f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8102f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8112f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
8122f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8132f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
8142f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8152f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
8162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8172f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8182f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
8192f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8202f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8212f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
8222f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\system32\crypt32.dll'
8232f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
8242f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
8252f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
8262f44.2ad4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA
8272f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
8282f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
8292f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
8302f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
8312f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
8322f44.2ad4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
8332f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
8342f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
8352f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
8362f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
8372f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
8382f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
8392f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
8402f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
8412f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
8422f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
8432f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
8442f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
8452f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
8462f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
8472f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
8482f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
8492f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
8502f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
8512f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
8522f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
8532f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
8542f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
8552f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
8562f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
8572f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
8582f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
8592f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
8602f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
8612f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
8622f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
8632f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
8642f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
8652f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
8662f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
8672f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
8682f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
8692f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
8702f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
8712f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
8722f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
8732f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
8742f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
8752f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
8762f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
8772f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
8782f44.2ad4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
8792f44.2ad4: SUPR3HardenedMain: Load Runtime...
8802f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8812f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
8822f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
8832f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
8842f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
8852f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
8862f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
8872f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8882f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8892f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
8912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
8922f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
8932f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
8942f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
8952f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
8962f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8972f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
8982f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
8992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
9002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
9012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9022f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9032f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9042f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
9052f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
9062f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
9072f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9102f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
9112f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
9122f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9132f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
9142f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
9152f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
9162f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
9172f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9182f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9192f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9202f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9212f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073f40000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
9222f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
9232f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073ea0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
9242f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
9252f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea1b0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
9262f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9272f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffab1e90000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9282f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9292f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
9302f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
9312f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9322f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9332f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9342f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9352f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9362f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9372f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9402f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9412f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9422f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9432f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9452f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9462f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9472f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9482f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9492f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9502f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9512f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9522f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9532f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9542f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9552f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9562f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9582f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9592f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9602f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9642f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9652f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9662f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9702f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9712f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9722f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9732f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9742f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9762f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9772f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9782f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9792f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9802f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\WINDOWS\system32\Wintrust.dll'
9812f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
9822f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
9832f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9842f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9852f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
9862f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
9872f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\system32\crypt32.dll'
9882f44.2ad4: SUPR3HardenedMain: Load TrustedMain...
9892f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
9902f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
9912f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9922f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
9932f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
9942f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
9952f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
9962f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
9972f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
9982f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
9992f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10002f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
10012f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
10022f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
10032f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
10042f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
10052f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
10062f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
10072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
10082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
10092f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10102f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10112f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
10122f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
10132f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
10142f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10152f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
10162f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
10172f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10182f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10212f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
10222f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
10232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
10242f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10252f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10262f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
10272f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10282f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
10292f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
10302f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10312f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10322f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
10332f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
10342f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10352f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10362f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
10372f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
10382f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
10392f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
10402f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
10412f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
10422f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10432f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10442f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10452f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10462f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10472f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10482f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
10492f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10502f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10512f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
10522f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
10532f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
10542f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
10552f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
10562f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
10572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
10582f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10592f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10602f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
10612f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
10622f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
10632f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
10642f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
10652f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
10662f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10672f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
10692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
10702f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
10712f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
10722f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
10732f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
10742f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
10752f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
10762f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
10772f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
10782f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
10792f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
10802f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
10812f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10822f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10832f44.2ad4: \Device\HarddiskVolume3\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10842f44.2ad4: \Device\HarddiskVolume3\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10852f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
10862f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
10872f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
10882f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
10892f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
10902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10922f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
10932f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
10942f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
10952f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
10962f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
10972f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11012f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11022f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
11032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
11042f44.2ad4: \Device\HarddiskVolume3\Windows\System32\win32u.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
11052f44.2ad4: \Device\HarddiskVolume3\Windows\System32\win32u.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
11062f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
11072f44.2ad4: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
11082f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
11092f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
11102f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
11112f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
11122f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11132f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
11142f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
11152f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
11162f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
11172f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11182f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11192f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
11202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11212f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11222f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
11232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11242f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11252f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11262f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11272f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11282f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
11292f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11302f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11312f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
11322f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
11332f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
11342f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
11352f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
11362f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
11372f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
11382f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
11392f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
11402f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
11412f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
11422f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
11432f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
11442f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
11452f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
11462f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11472f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11482f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11492f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11502f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11512f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
11522f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11532f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
11542f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
11552f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
11562f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11572f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
11582f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
11592f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
11602f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
11612f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
11622f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11632f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
11642f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
11652f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
11662f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
11672f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
11682f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
11692f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
11702f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11712f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11722f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
11732f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
11742f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
11752f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
11762f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
11772f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
11782f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
11792f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
11802f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
11812f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
11822f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
11832f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
11842f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
11852f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
11862f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11872f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11882f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
11892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11912f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
11922f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11932f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11942f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
11952f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
11962f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
11972f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
11982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
11992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
12002f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
12012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12022f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12032f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12052f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12062f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12092f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12102f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12112f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12122f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12132f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
12142f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
12152f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
12162f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12172f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12182f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12212f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12222f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12242f44.2ad4: \Device\HarddiskVolume3\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
12252f44.2ad4: \Device\HarddiskVolume3\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
12262f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
12272f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12282f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12292f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12302f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12312f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
12322f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
12332f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
12342f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12352f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12362f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
12372f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12382f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12392f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
12402f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12412f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12422f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12432f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
12442f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
12452f44.2ad4: \Device\HarddiskVolume3\Windows\System32\mpr.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
12462f44.2ad4: \Device\HarddiskVolume3\Windows\System32\mpr.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
12472f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
12482f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
12492f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
12502f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12512f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12522f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12532f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12542f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12552f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
12562f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12582f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
12592f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12602f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12612f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
12622f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12632f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12642f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12652f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
12662f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
12672f44.2ad4: \Device\HarddiskVolume3\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
12682f44.2ad4: \Device\HarddiskVolume3\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
12692f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
12702f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12712f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12722f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
12732f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
12742f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
12752f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12762f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12772f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12782f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12792f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12802f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12812f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12822f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12832f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
12842f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12852f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12862f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12872f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
12882f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
12892f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
12902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12922f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
12932f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12942f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12952f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
12962f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
12972f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
12982f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
12992f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
13002f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13012f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13022f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
13032f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
13042f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
13052f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13062f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13082f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
13092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13102f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13112f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13122f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
13132f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
13142f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
13152f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13162f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
13172f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
13182f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
13192f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
13202f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
13212f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
13222f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
13232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
13242f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
13252f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
13262f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
13272f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
13282f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13292f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
13302f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
13312f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
13322f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
13332f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13342f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13352f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
13362f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13372f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13382f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
13392f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13402f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13412f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
13422f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13432f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13442f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
13452f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13462f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13472f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13482f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
13492f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
13502f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
13512f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
13522f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
13532f44.2ad4: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
13542f44.2ad4: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
13552f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'.
13562f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
13572f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
13582f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13592f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13602f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13612f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13622f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
13632f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
13642f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
13652f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
13662f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
13672f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13682f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
13692f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
13702f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
13712f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13722f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13732f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13742f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13752f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13762f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
13772f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13782f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
13792f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
13802f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
13812f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
13822f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13832f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13842f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13852f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13862f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13872f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13882f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13902f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13922f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13932f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13942f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13952f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13962f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13972f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14002f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
14012f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
14022f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
14032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14052f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
14062f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
14072f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
14082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14102f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
14112f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
14122f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
14132f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14142f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14152f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
14162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
14172f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
14182f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14202f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14212f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14222f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14242f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14252f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
14262f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000568 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
14272f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
14282f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
14292f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
14302f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
14312f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
14322f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
14332f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14342f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
14352f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
14362f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
14372f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14382f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14392f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14402f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14412f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14422f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14432f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
14442f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14452f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
14462f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
14472f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
14482f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14492f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
14502f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll)
14512f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll
14522f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
14532f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
14542f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7520000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
14552f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
14562f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae80f0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
14572f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
14582f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7f50000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
14592f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
14602f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
14612f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
14622f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
14632f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
14642f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
14652f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea440000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
14662f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
14672f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8be0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
14682f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad1a70000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
14692f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
14702f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3320000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
14712f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14722f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7540000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
14732f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
14742f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
14752f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
14762f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
14772f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae85e0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
14782f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
14792f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea5d0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
14802f44.2ad4: \Device\HarddiskVolume3\Windows\System32\SHCore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
14812f44.2ad4: \Device\HarddiskVolume3\Windows\System32\SHCore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
14822f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14832f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
14842f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
14852f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
14862f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
14872f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaeaa50000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
14882f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
14892f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7320000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
14902f44.2ad4: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
14912f44.2ad4: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
14922f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
14932f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
14942f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
14952f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
14962f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae72d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
14972f44.2ad4: \Device\HarddiskVolume3\Windows\System32\powrprof.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
14982f44.2ad4: \Device\HarddiskVolume3\Windows\System32\powrprof.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
14992f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
15002f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
15012f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
15022f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7590000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
15032f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15042f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
15052f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
15062f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
15072f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
15082f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
15092f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8d70000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
15102f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
15112f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea470000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
15122f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15132f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad5590000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
15142f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
15152f44.2ad4: supR3HardenedDllNotificationCallback: load 00000000734f0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
15162f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15172f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaae950000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
15182f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15192f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000072f80000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
15202f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15212f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6850000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
15222f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
15232f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad9410000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
15242f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
15252f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffacf650000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\COMCTL32.dll [fFlags=0x0]
15262f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll [avoiding WinVerifyTrust]
15272f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae84b0000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
15282f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
15292f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3d80000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
15302f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
15312f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073e40000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
15322f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
15332f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea220000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
15342f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
15352f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4e70000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
15362f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
15372f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae51a0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
15382f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
15392f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaafbd0000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
15402f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
15412f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
15422f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
15432f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
15442f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
15452f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
15462f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
15472f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
15482f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
15492f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
15502f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
15512f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
15522f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
15532f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll'.
15542f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll' [rescheduled]
15552f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
15562f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
15572f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
15582f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
15592f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'.
15602f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL' [rescheduled]
15612f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
15622f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
15632f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
15642f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
15652f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
15662f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
15672f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
15682f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
15692f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
15702f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
15712f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
15722f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
15732f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
15742f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
15752f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
15762f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
15772f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
15782f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
15792f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
15802f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
15812f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
15822f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
15832f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15842f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
15852f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
15862f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
15872f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
15882f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15922f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15932f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15942f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15952f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15962f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15972f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
15992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
16002f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
16012f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
16022f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
16032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16052f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16062f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16092f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16102f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16112f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
16122f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16132f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16142f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16152f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16162f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16172f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16182f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
16202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
16212f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
16222f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
16232f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
16242f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16252f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16262f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16272f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16282f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
16292f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
16302f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16312f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16322f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16332f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16342f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16352f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
16362f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
16372f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-string-l1-1-0'
16392f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
16402f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16412f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-datetime-l1-1-1'
16422f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
16432f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-obsolete-l1-2-0'
16452f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
16462f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
16472f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16482f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
16492f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
16502f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
16512f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
16522f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
16532f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
16542f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
16552f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
16562f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
16572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16582f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16592f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
16602f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8b20000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
16612f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
16622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8b20000 'C:\WINDOWS\system32\IMM32.DLL'
16632f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16642f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
16652f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
16662f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
16672f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
16682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8b20000 'C:\WINDOWS\System32\imm32.dll'
16702f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16712f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
16722f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea6e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16732f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaafbd0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
16742f44.2ad4: SUPR3HardenedMain: Calling TrustedMain (00007ffaafbd14f0)...
16752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
16762f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16772f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
16782f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16792f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16802f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16812f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
16822f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16832f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16842f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
16852f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
16862f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
16872f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
16882f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
16892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16912f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16922f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16932f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16942f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16952f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16962f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16972f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16992f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
17002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17022f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
17032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17052f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17062f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17082f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
17102f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
17112f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
17122f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
17132f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
17142f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
17152f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17162f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17172f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
17182f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17202f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17212f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17222f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17232f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
17242f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
17252f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
17262f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
17272f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17282f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17292f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3c50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
17302f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
17312f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3c50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
17322f44.2ad4: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
17332f44.2ad4: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
17342f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000704 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17352f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
17362f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
17372f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
17382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
17392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
17402f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
17412f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17422f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17432f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
17442f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
17452f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
17462f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17472f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17482f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17492f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17502f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17512f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17522f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17532f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
17542f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
17552f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17562f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5500000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
17572f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
17582f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae5500000 'C:\WINDOWS\system32\uxtheme.dll'
17592f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'C:\WINDOWS\system32\user32.dll'
17602f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
17612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
17632f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
17642f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
17652f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
17662f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
17672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17682f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea5d0000 'C:\WINDOWS\system32\SHCore.dll'
17692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
17702f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
17712f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
17722f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
17732f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17742f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
17752f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
17762f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
17772f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
17782f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
17792f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5770000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
17802f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
17812f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17822f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17832f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17842f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17852f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
17862f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
17872f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
17882f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17902f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
17912f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
17922f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
17932f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17942f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17952f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\system32\winmm.dll'
17962f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17972f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17982f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\system32\winmm.dll'
17992f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
18002f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18012f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
18022f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
18032f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18042f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae5500000 'C:\WINDOWS\system32\uxtheme.dll'
18052f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18062f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18072f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea6e0000 'C:\WINDOWS\system32\advapi32.dll'
18082f44.2ad4: \Device\HarddiskVolume3\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
18092f44.2ad4: \Device\HarddiskVolume3\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
18102f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
18112f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
18122f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
18132f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
18142f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
18152f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
18162f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
18172f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
18182f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
18192f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18212f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18222f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
18232f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7190000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
18242f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
18252f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7190000 'C:\WINDOWS\system32\userenv.dll'
18262f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
18272f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18282f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
18292f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea2f0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
18302f44.2ad4: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
18312f44.2ad4: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
18322f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18332f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
18342f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
18352f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
18362f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18372f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18382f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
18392f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18402f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18412f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
18422f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
18432f44.264c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
18442f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
18452f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18462f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18472f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
18482f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18492f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18502f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18512f44.264c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
18522f44.264c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18532f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18542f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18552f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18562f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18572f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18582f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18592f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18602f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18612f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18622f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18632f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18642f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18652f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
18662f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18672f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18682f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
18692f44.264c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18702f44.264c: supR3HardenedDllNotificationCallback: load 00007ffaae400000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
18712f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
18722f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
18732f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
18742f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18752f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
18762f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18772f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
18782f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
18792f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
18802f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18812f44.264c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
18822f44.264c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
18832f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18842f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18852f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18862f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18872f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18882f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18892f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18902f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
18912f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18922f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18932f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
18942f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
18952f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
18962f44.264c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
18972f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18982f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18992f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19002f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19012f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19022f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19032f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19042f44.264c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19052f44.264c: supR3HardenedDllNotificationCallback: load 00007ffac0a00000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
19062f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
19072f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0a00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
19082f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19092f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
19102f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\Windows\System32\oleaut32.dll'
19112f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
19122f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19132f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea440000 'C:\WINDOWS\system32\gdi32.dll'
19142f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19152f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
19172f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae88f0000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
19182f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19192f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
19202f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
19212f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
19222f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
19232f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
19242f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
19252f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19262f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19272f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
19282f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19292f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19302f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19312f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19322f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19332f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19342f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19352f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19362f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19372f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
19382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
19392f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
19402f44.2ad4: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
19412f44.2ad4: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
19422f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009fc pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
19432f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
19442f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
19452f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
19462f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
19472f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
19482f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
19492f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19502f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19512f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
19522f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
19532f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
19542f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
19552f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
19562f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
19572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
19582f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
19592f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dcomp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
19602f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dcomp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
19612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
19622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
19632f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
19642f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19652f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
19662f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
19672f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
19682f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
19692f44.2ad4: \Device\HarddiskVolume3\Windows\System32\d3d11.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
19702f44.2ad4: \Device\HarddiskVolume3\Windows\System32\d3d11.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
19712f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19722f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19732f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19742f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19752f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19762f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
19772f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
19782f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19792f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
19802f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
19812f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
19822f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
19832f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
19842f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
19852f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
19862f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19872f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19882f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19892f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
19902f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
19912f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dxgi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
19922f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dxgi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
19932f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
19942f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19952f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
19962f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
19972f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
19982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
20012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
20022f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
20032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20052f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
20062f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
20072f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
20082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
20092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
20102f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
20112f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20122f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20132f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20142f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
20152f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
20162f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
20172f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20182f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6030000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
20192f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
20202f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4320000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
20212f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
20222f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4cc0000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
20232f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
20242f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae3120000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
20252f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
20262f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
20272f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
20282f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea440000 'C:\WINDOWS\System32\gdi32.dll'
20292f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3120000 'C:\WINDOWS\system32\dataexchange.dll'
20302f44.2ad4: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
20312f44.2ad4: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
20322f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20332f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
20342f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
20352f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
20362f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
20372f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
20382f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
20392f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rmclient.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
20402f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rmclient.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
20412f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20422f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
20432f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
20442f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
20452f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5860000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
20462f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
20472f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae58b0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
20482f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
20492f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20502f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20512f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20522f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20532f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
20542f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
20552f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
20562f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
20572f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
20582f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
20592f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20602f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20612f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
20622f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
20632f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
20642f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20652f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20662f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
20672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
20682f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
20692f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
20702f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
20712f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
20722f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
20732f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
20742f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae88f0000 'C:\WINDOWS\System32\MSCTF.dll'
20752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
20762f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
20772f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20782f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20792f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea470000 'C:\WINDOWS\System32\ole32.dll'
20802f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20812f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20822f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\WINDOWS\System32\OLEAUT32.dll'
20832f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
20842f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
20852f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
20862f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
20872f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
20882f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
20892f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
20902f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20912f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
20922f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
20932f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1146_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
20942f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20952f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20962f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20972f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
20982f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20992f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
21002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21022f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
21032f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
21042f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
21052f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
21062f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
21072f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
21082f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
21092f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
21102f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
21112f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21122f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21132f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
21142f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
21152f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
21162f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
21172f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21182f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21192f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
21202f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21212f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21222f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21232f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21242f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
21252f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
21262f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
21272f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
21282f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21292f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21302f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21312f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
21322f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
21332f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadf4f0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
21342f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
21352f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadf5b0000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
21362f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
21372f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
21382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21402f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf5b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
21412f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
21422f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
21432f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
21442f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3E3EC800057E0E9FAFD03419437E41507961923
21452f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
21462f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
21472f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1146_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
21482f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21492f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21502f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21512f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21522f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
21532f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21542f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21552f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21562f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21582f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
21592f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadd030000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
21602f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
21612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd030000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
21622f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
21632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21642f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-l1-2-0.dll'
21652f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
21662f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
21672f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
21682f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
21692f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
21702f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
21712f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
21722f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
21732f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
21742f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
21752f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
21762f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
21772f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21782f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21792f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
21802f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21812f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
21822f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21832f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21842f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
21852f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21862f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21872f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21882f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
21892f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffade340000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
21902f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
21912f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffade340000 'C:\WINDOWS\system32\wbem\fastprox.dll'
21922f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
21932f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21942f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21952f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21962f44.1774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
21972f44.1774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
21982f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21992f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22002f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
22012f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
22022f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22032f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
22042f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22052f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22062f44.1774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
22072f44.1774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
22082f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22092f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22102f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22112f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22122f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22132f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22142f44.1774: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22152f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22162f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22172f44.1774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22182f44.1774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22192f44.1774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
22202f44.1774: supR3HardenedDllNotificationCallback: load 0000000073d30000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22212f44.1774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
22222f44.1774: supR3HardenedDllNotificationCallback: load 00007ffab18c0000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22232f44.1774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22242f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab18c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22252f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22262f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22272f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22282f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22292f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22302f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22312f44.29b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
22322f44.29b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22332f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22342f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22352f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22362f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22372f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22382f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22392f44.29b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22402f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22412f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22422f44.29b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22432f44.29b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22442f44.29b4: supR3HardenedDllNotificationCallback: load 00007ffae3cd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
22452f44.29b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
22462f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
22472f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'C:\WINDOWS\system32\User32.dll'
22482f44.1b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22492f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22502f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22512f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22522f44.1b68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
22532f44.1b68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22542f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22552f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22562f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22572f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22582f44.1b68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
22592f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22602f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22612f44.1b68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22622f44.1b68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22632f44.1b68: supR3HardenedDllNotificationCallback: load 00007ffae2170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
22642f44.1b68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
22652f44.1b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2170000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
22662f44.2f50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22672f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22682f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22692f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22702f44.2f50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
22712f44.2f50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22722f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22732f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22742f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22752f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22762f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22772f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22782f44.2f50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22792f44.2f50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22802f44.2f50: supR3HardenedDllNotificationCallback: load 00007ffadd810000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
22812f44.2f50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
22822f44.2f50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd810000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
22832f44.245c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
22842f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22852f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22862f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22872f44.245c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
22882f44.245c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22892f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22902f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22912f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22922f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22932f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22942f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22952f44.245c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
22962f44.245c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22972f44.245c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
22982f44.245c: supR3HardenedDllNotificationCallback: load 00007ffadd640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
22992f44.245c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23002f44.245c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd640000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
23012f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\Shell32.dll'
23022f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23032f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23042f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23052f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23062f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23072f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23082f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
23092f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
23102f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23112f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23122f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
23132f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
23142f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
23152f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
23162f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
23172f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
23182f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
23192f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
23202f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23212f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
23222f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
23232f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23242f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23252f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23262f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23272f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23282f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
23292f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23302f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23312f44.153c: \Device\HarddiskVolume3\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
23322f44.153c: \Device\HarddiskVolume3\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
23332f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23342f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
23352f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23362f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
23372f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
23382f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
23392f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
23402f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23412f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23422f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
23432f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
23442f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23452f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23462f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
23472f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23482f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23492f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23502f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23512f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23522f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23532f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23542f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
23552f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23562f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
23572f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
23582f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23592f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23602f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23612f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23622f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
23632f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23642f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23652f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23662f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
23672f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
23682f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
23692f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23702f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23712f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23722f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23732f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23742f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23752f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23762f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23772f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23782f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23792f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23802f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23812f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
23822f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23832f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23842f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23852f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23862f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23872f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23882f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23892f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
23902f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23912f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23922f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaeaab0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
23932f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
23942f44.153c: supR3HardenedDllNotificationCallback: load 00007ffac0990000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
23952f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
23962f44.153c: supR3HardenedDllNotificationCallback: load 00007ffabe440000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
23972f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
23982f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaac4e0000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
23992f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
24002f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaac4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
24012f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24022f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
24032f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24042f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
24052f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24062f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24072f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24082f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabe440000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
24092f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24102f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24112f44.2e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24122f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24132f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24142f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24152f44.2e20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
24162f44.2e20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24172f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24182f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24192f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24202f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24212f44.2e20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24222f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24232f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24242f44.2e20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24252f44.2e20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24262f44.2e20: supR3HardenedDllNotificationCallback: load 00007ffadd630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
24272f44.2e20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
24282f44.2e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd630000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
24292f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
24302f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24312f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae6850000 'C:\WINDOWS\system32\Iphlpapi.dll'
24322f44.153c: \Device\HarddiskVolume3\Windows\System32\winnsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
24332f44.153c: \Device\HarddiskVolume3\Windows\System32\winnsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
24342f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24352f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
24362f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
24372f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
24382f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae8bd0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
24392f44.153c: \Device\HarddiskVolume3\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
24402f44.153c: \Device\HarddiskVolume3\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
24412f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
24422f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
24432f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1f20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
24442f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
24452f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
24462f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
24472f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24482f44.153c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
24492f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
24502f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1460000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
24512f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
24522f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
24532f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
24542f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24552f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
24562f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
24572f44.153c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
24582f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
24592f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1440000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
24602f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
24612f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
24622f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
24632f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
24642f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
24652f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24662f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24672f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24682f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24692f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24702f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24712f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24722f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24732f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24742f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24752f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24762f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24772f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
24782f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24792f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24802f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24812f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
24822f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
24832f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24842f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
24852f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd4 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
24862f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
24872f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
24882f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
24892f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24902f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
24912f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
24922f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24932f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
24942f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24952f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
24962f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
24972f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
24982f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
24992f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
25002f44.153c: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
25012f44.153c: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
25022f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
25032f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
25042f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25052f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
25062f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
25072f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
25082f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
25092f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
25102f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
25112f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
25122f44.153c: \Device\HarddiskVolume3\Windows\System32\propsys.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
25132f44.153c: \Device\HarddiskVolume3\Windows\System32\propsys.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
25142f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
25152f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
25162f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25172f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
25182f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
25192f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
25202f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
25212f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
25222f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
25232f44.153c: \Device\HarddiskVolume3\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
25242f44.153c: \Device\HarddiskVolume3\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
25252f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25262f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25272f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25282f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25292f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
25302f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25312f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25322f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
25332f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
25342f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
25352f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25362f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
25372f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
25382f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
25392f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
25402f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25412f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25422f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25432f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25442f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
25452f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
25462f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
25472f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
25482f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
25492f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
25502f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25512f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
25522f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
25532f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
25542f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae7040000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
25552f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
25562f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae37c0000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
25572f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
25582f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadf620000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
25592f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
25602f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf620000 'C:\WINDOWS\System32\MMDevApi.dll'
25612f44.153c: \Device\HarddiskVolume3\Windows\System32\dsound.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
25622f44.153c: \Device\HarddiskVolume3\Windows\System32\dsound.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
25632f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c10 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
25642f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
25652f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
25662f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
25672f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
25682f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
25692f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
25702f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25712f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25722f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
25732f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
25742f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
25752f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25762f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25772f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
25782f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25792f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25802f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25812f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25822f44.153c: supR3HardenedDllNotificationCallback: load 00007ffabbcf0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
25832f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25842f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25852f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25862f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\System32\dsound.dll'
25872f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\System32\dsound.dll'
25882f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
25892f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25902f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
25912f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
25922f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25932f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf620000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
25942f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
25952f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
25962f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
25972f44.153c: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
25982f44.153c: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
25992f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d30 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26002f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
26012f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
26022f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
26032f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
26042f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
26052f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
26062f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26072f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26082f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
26092f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
26102f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
26112f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
26122f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26132f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26142f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26152f44.153c: \Device\HarddiskVolume3\Windows\System32\avrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
26162f44.153c: \Device\HarddiskVolume3\Windows\System32\avrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
26172f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
26182f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
26192f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
26202f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
26212f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
26222f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
26232f44.153c: \Device\HarddiskVolume3\Windows\System32\ksuser.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
26242f44.153c: \Device\HarddiskVolume3\Windows\System32\ksuser.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
26252f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
26262f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
26272f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26282f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
26292f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
26302f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26312f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26322f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
26332f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26342f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26352f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26362f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26372f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26382f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26392f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
26402f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
26412f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae14a0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
26422f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
26432f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae2c80000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
26442f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
26452f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaca470000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
26462f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26472f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
26482f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26492f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26502f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
26512f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26522f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26532f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
26542f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26552f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26562f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
26572f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
26582f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
26592f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
26602f44.153c: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
26612f44.153c: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
26622f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
26632f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
26642f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
26652f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
26662f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
26672f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
26682f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
26692f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
26702f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
26712f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
26722f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
26732f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
26742f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
26752f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
26762f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
26772f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26782f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26792f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26802f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26812f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
26822f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
26832f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
26842f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
26852f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
26862f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
26872f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26882f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
26892f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
26902f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
26912f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
26922f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
26932f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
26942f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae2dc0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
26952f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
26962f44.153c: supR3HardenedDllNotificationCallback: load 00007ffad0c40000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
26972f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
26982f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0c40000 'C:\WINDOWS\System32\AUDIOSES.DLL'
26992f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
27002f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
27012f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
27022f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27032f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27042f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27052f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27062f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
27072f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
27082f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
27092f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
27102f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
27112f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27122f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
27132f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
27142f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27152f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
27162f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
27172f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
27182f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
27192f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d7c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
27202f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
27212f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
27222f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
27232f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
27242f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
27252f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
27262f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27272f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27282f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
27292f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
27302f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
27312f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
27322f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27332f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
27342f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
27352f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
27362f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
27372f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
27382f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
27392f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
27402f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
27412f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
27422f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
27432f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
27442f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
27452f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27462f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
27472f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
27482f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
27492f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
27502f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
27512f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27522f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27532f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27542f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27552f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27562f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27572f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
27582f44.153c: supR3HardenedDllNotificationCallback: load 00007ffad7ce0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
27592f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
27602f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadd060000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
27612f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27622f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27632f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27642f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27652f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27662f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27672f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27682f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27692f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27702f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27712f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27722f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27732f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27742f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27752f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27762f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27772f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27782f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
27792f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
27802f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27812f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27822f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27832f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
27842f44.153c: \Device\HarddiskVolume3\Windows\System32\midimap.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
27852f44.153c: \Device\HarddiskVolume3\Windows\System32\midimap.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
27862f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001084 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
27872f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
27882f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
27892f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
27902f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
27912f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
27922f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
27932f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27942f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27952f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
27962f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
27972f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
27982f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27992f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28002f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
28012f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28022f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28032f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28042f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
28052f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadd050000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
28062f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
28072f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
28082f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
28092f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28102f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
28112f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
28122f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28132f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
28142f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
28152f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28162f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
28172f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28182f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28192f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28202f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28212f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28222f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28232f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28242f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28252f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
28262f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28272f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28282f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28292f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
28302f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
28312f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28322f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28332f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
28342f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28352f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
28362f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28372f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28382f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
28392f44.2124: \Device\HarddiskVolume3\Windows\System32\tzres.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
28402f44.2124: \Device\HarddiskVolume3\Windows\System32\tzres.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
28412f44.2124: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
28422f44.2124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
28432f44.2124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
28442f44.2124: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000012c8 (hFile=000000000000131c) with 0xc0000022 -> STATUS_TRUST_FAILURE
28452f44.2124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
28462f44.2124: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000131c (hFile=00000000000012c8) with 0xc0000022 -> STATUS_TRUST_FAILURE
28472f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012d0 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
28482f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
28492f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
28502f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCD6851397609F5A60EB791379F579F266921FA4
28512f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
28522f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
28532f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_638_for_KB4093112~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
28542f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28552f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
28562f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28582f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28592f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28602f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
28612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
28622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
28642f44.2ad4: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
28652f44.2ad4: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
28662f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28672f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
28682f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
28692f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
28702f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
28712f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
28722f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
28732f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28742f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
28752f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
28762f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
28772f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
28782f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
28792f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
28802f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28812f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
28822f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
28832f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
28842f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
28852f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
28862f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
28872f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
28882f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae63c0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
28892f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
28902f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4610000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
28912f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
28922f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae2860000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
28932f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
28942f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadb370000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
28952f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
28962f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28972f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28982f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28992f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29002f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
29012f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
29022f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
29032f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
29042f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
29052f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
29062f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29072f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29082f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
29092f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
29102f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
29112f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
29122f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
29132f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
29142f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29152f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29162f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
29172f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
29182f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\CRYPT32.dll'
29192f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
29202f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
29212f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
29222f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
29232f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
29242f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
29252f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
29262f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
29272f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
29282f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
29292f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
29302f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29312f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29322f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29332f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29342f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29352f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29362f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\WINDOWS\System32\OLEAUT32.DLL'
29372f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
29382f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29392f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
29402f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
29412f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29422f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
29432f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
29442f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
29452f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae85e0000 'api-ms-win-core-com-l1-1-0.dll'
29462f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
29472f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
29482f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
29492f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
29502f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
29512f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
29522f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
29532f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
29542f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
29552f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
29562f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29572f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
29582f44.11fc: \Device\HarddiskVolume3\Windows\System32\cldapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
29592f44.11fc: \Device\HarddiskVolume3\Windows\System32\cldapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
29602f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'fltlib.dll'.
29612f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'aepic.dll'.
29622f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cldapi.dll)
29632f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cldapi.dll
29642f44.11fc: \Device\HarddiskVolume3\Windows\System32\fltLib.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
29652f44.11fc: \Device\HarddiskVolume3\Windows\System32\fltLib.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
29662f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
29672f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
29682f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29692f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
29702f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'bcrypt.dll'.
29712f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\aepic.dll)
29722f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\aepic.dll
29732f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad5580000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\FLTLIB.DLL [fFlags=0x0]
29742f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [avoiding WinVerifyTrust]
29752f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad19d0000 LB 0x00044000 C:\WINDOWS\SYSTEM32\AEPIC.dll [fFlags=0x0]
29762f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\aepic.dll [avoiding WinVerifyTrust]
29772f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad1a20000 LB 0x00019000 C:\WINDOWS\SYSTEM32\CLDAPI.dll [fFlags=0x0]
29782f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cldapi.dll [avoiding WinVerifyTrust]
29792f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\aepic.dll'.
29802f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\aepic.dll' [rescheduled]
29812f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
29822f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
29832f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cldapi.dll'.
29842f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cldapi.dll' [rescheduled]
29852f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
29862f44.11fc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
29872f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
29882f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29892f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
29902f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
29912f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
29922f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29932f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29942f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29952f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29962f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'aepic.dll'...
29972f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'aepic.dll' -> '\Device\HarddiskVolume3\Windows\System32\aepic.dll' [rcNtRedir=0xc0150008]
29982f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\aepic.dll [redoing WinVerifyTrust]
29992f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\aepic.dll'.
30002f44.11fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\aepic.dll
30012f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
30022f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
30032f44.11fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
30042f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
30052f44.11fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
30062f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30072f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
30082f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
30092f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
30102f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
30112f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30122f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae37c0000 'C:\WINDOWS\system32\propsys.dll'
30132f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
30142f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
30152f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
30162f44.11fc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
30172f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30182f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7590000 'C:\WINDOWS\system32\Windows.Storage.dll'
30192f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
30202f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
30212f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7590000 'C:\WINDOWS\system32\windows.storage.dll'
30222f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
30232f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
30242f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30252f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
30262f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
30272f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll) WinVerifyTrust
30282f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
30292f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30302f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30312f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30322f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30332f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30342f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30352f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
30362f44.11fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
30372f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad4f40000 LB 0x00269000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll [fFlags=0x0]
30382f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
30392f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4f40000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll'
30402f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
30412f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
30422f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4f40000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll'
30432f44.11fc: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
30442f44.11fc: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
30452f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30462f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
30472f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll)
30482f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
30492f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae2f00000 LB 0x001ab000 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
30502f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
30512f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30522f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30532f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30542f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30552f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
30562f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
30572f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll'
30582f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
30592f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
30602f44.11fc: \Device\HarddiskVolume3\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
30612f44.11fc: \Device\HarddiskVolume3\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
30622f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
30632f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
30642f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae5380000 LB 0x00088000 C:\WINDOWS\SYSTEM32\apphelp.dll [fFlags=0x0]
30652f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
30662f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'.
30672f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled]
30682f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
30692f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
30702f44.11fc: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\ntdll.dll
30712f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30722f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
30732f44.2a48: \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
30742f44.2a48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll)
30752f44.2a48: Error (rc=0):
30762f44.2a48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll'.
30772f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
30782f44.2a48: Error (rc=0):
30792f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
30802f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
30812f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll [lacks WinVerifyTrust]
30822f44.2a48: Error (rc=0):
30832f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
30842f44.2a48: Error (rc=0):
30852f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
30862f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
30872f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll [lacks WinVerifyTrust]
30882f44.2a48: Error (rc=0):
30892f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
30902f44.2a48: Error (rc=0):
30912f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
30922f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
30932f44.2a48: \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
30942f44.2a48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll)
30952f44.2a48: Error (rc=0):
30962f44.2a48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'.
30972f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
30982f44.2a48: Error (rc=0):
30992f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31002f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31012f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
31022f44.2a48: Error (rc=0):
31032f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
31042f44.2a48: Error (rc=0):
31052f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31062f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31072f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
31082f44.2a48: Error (rc=0):
31092f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
31102f44.2a48: Error (rc=0):
31112f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31122f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31132f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
31142f44.2a48: Error (rc=0):
31152f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
31162f44.2a48: Error (rc=0):
31172f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31182f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31192f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
31202f44.2a48: Error (rc=0):
31212f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
31222f44.2a48: Error (rc=0):
31232f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31242f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31252f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
31262f44.2a48: Error (rc=0):
31272f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
31282f44.2a48: Error (rc=0):
31292f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
31302f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
31312f44.2a48: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
31322f44.2a48: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
31332f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
31342f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
31352f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
31362f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3395EEF5B8F5F6F8D85A6FC3DFB1F43861DD917C
31372f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
31382f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
31392f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll'
31402f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31412f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31422f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31432f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
31442f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
31452f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31462f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
31472f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
31482f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
31492f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
31502f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
31512f44.2a48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll) WinVerifyTrust
31522f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
31532f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31542f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31552f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
31562f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
31572f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
31582f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
31592f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
31602f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
31612f44.2a48: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
31622f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
31632f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
31642f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
31652f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
31662f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
31672f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
31682f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
31692f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
31702f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31712f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31722f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31732f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31742f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31752f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31762f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31772f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31782f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31792f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31802f44.2a48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31812f44.2a48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
31822f44.2a48: supR3HardenedDllNotificationCallback: load 00007ffad0e90000 LB 0x00036000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
31832f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
31842f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0e90000 'C:\Windows\System32\EhStorShell.dll'
31852f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
31862f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\System32\shell32.dll'
31872f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\System32\shell32.dll'
31882f44.11fc: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
31892f44.11fc: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
31902f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
31912f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
31922f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31932f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'.
31942f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
31952f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust
31962f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
31972f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31982f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31992f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32002f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
32012f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
32022f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
32032f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32042f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32052f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32062f44.11fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
32072f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae2240000 LB 0x0005b000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
32082f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
32092f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2240000 'C:\Windows\System32\thumbcache.dll'
32102f44.11fc: \Device\HarddiskVolume3\Windows\System32\imageres.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
32112f44.11fc: \Device\HarddiskVolume3\Windows\System32\imageres.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
32122f44.11fc: '\Device\HarddiskVolume3\Windows\System32\imageres.dll' has no imports
32132f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imageres.dll)
32142f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imageres.dll
32152f44.11fc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001008 (hFile=0000000000000d2c) with 0xc0000022 -> STATUS_TRUST_FAILURE
32162f44.11fc: \Device\HarddiskVolume3\Windows\System32\policymanager.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
32172f44.11fc: \Device\HarddiskVolume3\Windows\System32\policymanager.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
32182f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
32192f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
32202f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
32212f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\policymanager.dll)
32222f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\policymanager.dll
32232f44.11fc: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
32242f44.11fc: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
32252f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32262f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll)
32272f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll
32282f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae3c10000 LB 0x00090000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
32292f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
32302f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffadf740000 LB 0x0007a000 C:\WINDOWS\SYSTEM32\policymanager.dll [fFlags=0x0]
32312f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
32322f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32332f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32342f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32352f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32362f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32372f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32382f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
32392f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
32402f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
32412f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
32422f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
32432f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'
32442f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
32452f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
32462f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'
32472f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume3\Windows\System32\imageres.dll
32482f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
32492f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
32502f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=036FA6C7BD3AA838299F5D4D956B85E8A37C2648
32512f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
32522f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
32532f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\imageres.dll'
32542f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32552f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imageres.dll'
32562f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
32572f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32582f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2f00000 'C:\WINDOWS\system32\windowscodecs.dll'
32592f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
32602f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32612f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32622f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32632f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32642f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32652f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32662f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
32672f44.2a48: supR3HardenedDllNotificationCallback: Unload 00007ffad0e90000 LB 0x00036000 C:\Windows\System32\EhStorShell.dll [flags=0x0]
32682f44.2e20: supR3HardenedDllNotificationCallback: Unload 00007ffadd630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
32692f44.245c: supR3HardenedDllNotificationCallback: Unload 00007ffadd640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
32702f44.2f50: supR3HardenedDllNotificationCallback: Unload 00007ffadd810000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
32712f44.1b68: supR3HardenedDllNotificationCallback: Unload 00007ffae2170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
32722f44.29b4: supR3HardenedDllNotificationCallback: Unload 00007ffae3cd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
32732f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffaac4e0000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
32742f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffac0990000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
32752f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffabe440000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
32762f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffaeaab0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
32772f44.2ad4: Terminating the normal way: rcExit=0
32781a70.1930: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1052372 ms, the end);
32791158.2bcc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1053450 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy