VirtualBox

Ticket #18241: centos7-2018-12-28-02-35-17.log

File centos7-2018-12-28-02-35-17.log, 495.6 KB (added by Vishal Pokala, 6 years ago)

log1

Line 
14918.46d4: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
24918.46d4: \SystemRoot\System32\ntdll.dll:
34918.46d4: CreationTime: 2018-12-12T16:22:11.967963000Z
44918.46d4: LastWriteTime: 2018-12-08T08:04:53.786979100Z
54918.46d4: ChangeTime: 2018-12-20T17:28:16.091009200Z
64918.46d4: FileAttributes: 0x20
74918.46d4: Size: 0x1da720
84918.46d4: NT Headers: 0xe8
94918.46d4: Timestamp: 0x7e614c22
104918.46d4: Machine: 0x8664 - amd64
114918.46d4: Timestamp: 0x7e614c22
124918.46d4: Image Version: 10.0
134918.46d4: SizeOfImage: 0x1e1000 (1970176)
144918.46d4: Resource Dir: 0x174000 LB 0x6b3e8
154918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164918.46d4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174918.46d4: ProductName: Microsoft® Windows® Operating System
184918.46d4: ProductVersion: 10.0.17134.471
194918.46d4: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
204918.46d4: FileDescription: NT Layer DLL
214918.46d4: \SystemRoot\System32\kernel32.dll:
224918.46d4: CreationTime: 2018-04-11T23:34:40.510607900Z
234918.46d4: LastWriteTime: 2018-04-11T23:34:40.510607900Z
244918.46d4: ChangeTime: 2018-08-02T10:52:14.292003200Z
254918.46d4: FileAttributes: 0x20
264918.46d4: Size: 0xafef8
274918.46d4: NT Headers: 0xe8
284918.46d4: Timestamp: 0x5f488a51
294918.46d4: Machine: 0x8664 - amd64
304918.46d4: Timestamp: 0x5f488a51
314918.46d4: Image Version: 10.0
324918.46d4: SizeOfImage: 0xb2000 (729088)
334918.46d4: Resource Dir: 0xb0000 LB 0x520
344918.46d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354918.46d4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364918.46d4: ProductName: Microsoft® Windows® Operating System
374918.46d4: ProductVersion: 10.0.17134.1
384918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
394918.46d4: FileDescription: Windows NT BASE API Client DLL
404918.46d4: \SystemRoot\System32\KernelBase.dll:
414918.46d4: CreationTime: 2018-11-27T20:43:23.300474400Z
424918.46d4: LastWriteTime: 2018-11-09T02:47:52.285920600Z
434918.46d4: ChangeTime: 2018-12-20T17:28:16.089057400Z
444918.46d4: FileAttributes: 0x20
454918.46d4: Size: 0x273b78
464918.46d4: NT Headers: 0xf0
474918.46d4: Timestamp: 0x428de48c
484918.46d4: Machine: 0x8664 - amd64
494918.46d4: Timestamp: 0x428de48c
504918.46d4: Image Version: 10.0
514918.46d4: SizeOfImage: 0x273000 (2568192)
524918.46d4: Resource Dir: 0x251000 LB 0x548
534918.46d4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544918.46d4: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554918.46d4: ProductName: Microsoft® Windows® Operating System
564918.46d4: ProductVersion: 10.0.17134.441
574918.46d4: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
584918.46d4: FileDescription: Windows NT BASE API Client DLL
594918.46d4: \SystemRoot\System32\apisetschema.dll:
604918.46d4: CreationTime: 2018-04-11T23:34:44.042150700Z
614918.46d4: LastWriteTime: 2018-04-11T23:34:44.042150700Z
624918.46d4: ChangeTime: 2018-08-02T11:35:09.677325500Z
634918.46d4: FileAttributes: 0x20
644918.46d4: Size: 0x1bd98
654918.46d4: NT Headers: 0xd0
664918.46d4: Timestamp: 0xd02ff418
674918.46d4: Machine: 0x8664 - amd64
684918.46d4: Timestamp: 0xd02ff418
694918.46d4: Image Version: 10.0
704918.46d4: SizeOfImage: 0x1c000 (114688)
714918.46d4: Resource Dir: 0x1b000 LB 0x408
724918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734918.46d4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744918.46d4: ProductName: Microsoft® Windows® Operating System
754918.46d4: ProductVersion: 10.0.17134.1
764918.46d4: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
774918.46d4: FileDescription: ApiSet Schema DLL
784918.46d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794918.46d4: supR3HardenedWinFindAdversaries: 0x20
804918.46d4: \SystemRoot\System32\drivers\cfwids.sys:
814918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
824918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
834918.46d4: ChangeTime: 2018-12-26T04:19:44.333339400Z
844918.46d4: FileAttributes: 0x20
854918.46d4: Size: 0x12d40
864918.46d4: NT Headers: 0xf0
874918.46d4: Timestamp: 0x5b7cebbe
884918.46d4: Machine: 0x8664 - amd64
894918.46d4: Timestamp: 0x5b7cebbe
904918.46d4: Image Version: 0.0
914918.46d4: SizeOfImage: 0x14000 (81920)
924918.46d4: Resource Dir: 0x12000 LB 0x550
934918.46d4: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
944918.46d4: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
954918.46d4: ProductName: SYSCORE
964918.46d4: ProductVersion: 18.9.0.174
974918.46d4: FileVersion: SYSCORE.18.9.0.174
984918.46d4: PrivateBuild: SYSCORE.18.9.0.174
994918.46d4: FileDescription: McAfee Personal Firewall IDS Plugin
1004918.46d4: \SystemRoot\System32\drivers\mfeavfk.sys:
1014918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
1024918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
1034918.46d4: ChangeTime: 2018-12-26T04:19:44.054118000Z
1044918.46d4: FileAttributes: 0x20
1054918.46d4: Size: 0x5ab40
1064918.46d4: NT Headers: 0xe8
1074918.46d4: Timestamp: 0x5b7ceb01
1084918.46d4: Machine: 0x8664 - amd64
1094918.46d4: Timestamp: 0x5b7ceb01
1104918.46d4: Image Version: 0.0
1114918.46d4: SizeOfImage: 0x5b000 (372736)
1124918.46d4: Resource Dir: 0x59000 LB 0x758
1134918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1144918.46d4: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
1154918.46d4: ProductName: SYSCORE
1164918.46d4: ProductVersion: 18.9.0.174
1174918.46d4: FileVersion: SYSCORE.18.9.0.174
1184918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
1194918.46d4: FileDescription: Anti-Virus File System Filter Driver
1204918.46d4: \SystemRoot\System32\drivers\mfefirek.sys:
1214918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
1224918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
1234918.46d4: ChangeTime: 2018-12-26T04:19:43.925830500Z
1244918.46d4: FileAttributes: 0x20
1254918.46d4: Size: 0x7dd40
1264918.46d4: NT Headers: 0xf0
1274918.46d4: Timestamp: 0x5b7ceb8a
1284918.46d4: Machine: 0x8664 - amd64
1294918.46d4: Timestamp: 0x5b7ceb8a
1304918.46d4: Image Version: 0.0
1314918.46d4: SizeOfImage: 0x7f000 (520192)
1324918.46d4: Resource Dir: 0x7b000 LB 0x388
1334918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1344918.46d4: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
1354918.46d4: ProductName: SYSCORE
1364918.46d4: ProductVersion: 18.9.0.174
1374918.46d4: FileVersion: SYSCORE.18.9.0.174
1384918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
1394918.46d4: FileDescription: McAfee Core Firewall Engine Driver
1404918.46d4: \SystemRoot\System32\drivers\mfehidk.sys:
1414918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
1424918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
1434918.46d4: ChangeTime: 2018-12-26T04:19:39.056247500Z
1444918.46d4: FileAttributes: 0x20
1454918.46d4: Size: 0xee140
1464918.46d4: NT Headers: 0x108
1474918.46d4: Timestamp: 0x5b7cea9c
1484918.46d4: Machine: 0x8664 - amd64
1494918.46d4: Timestamp: 0x5b7cea9c
1504918.46d4: Image Version: 0.0
1514918.46d4: SizeOfImage: 0xf7000 (1011712)
1524918.46d4: Resource Dir: 0xf3000 LB 0x758
1534918.46d4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1544918.46d4: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
1554918.46d4: ProductName: SYSCORE
1564918.46d4: ProductVersion: 18.9.0.174
1574918.46d4: FileVersion: SYSCORE.18.9.0.174
1584918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
1594918.46d4: FileDescription: McAfee Link Driver
1604918.46d4: \SystemRoot\System32\drivers\mfencbdc.sys:
1614918.46d4: CreationTime: 2017-11-21T07:48:58.000000000Z
1624918.46d4: LastWriteTime: 2018-10-02T17:09:34.000000000Z
1634918.46d4: ChangeTime: 2018-12-26T04:20:13.928345700Z
1644918.46d4: FileAttributes: 0x20
1654918.46d4: Size: 0x88f30
1664918.46d4: NT Headers: 0xe0
1674918.46d4: Timestamp: 0x5b843d50
1684918.46d4: Machine: 0x8664 - amd64
1694918.46d4: Timestamp: 0x5b843d50
1704918.46d4: Image Version: 0.0
1714918.46d4: SizeOfImage: 0x8c000 (573440)
1724918.46d4: Resource Dir: 0x8a000 LB 0x3e0
1734918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1744918.46d4: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
1754918.46d4: ProductName: Anti-Malware Core
1764918.46d4: ProductVersion: 18.9.0
1774918.46d4: FileVersion: Anti-Malware Core.18.9.0.284.x64
1784918.46d4: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
1794918.46d4: FileDescription: Event Driver
1804918.46d4: \SystemRoot\System32\drivers\mfewfpk.sys:
1814918.46d4: CreationTime: 2018-01-31T17:06:48.000000000Z
1824918.46d4: LastWriteTime: 2018-10-04T08:27:26.000000000Z
1834918.46d4: ChangeTime: 2018-12-26T04:18:31.226499400Z
1844918.46d4: FileAttributes: 0x20
1854918.46d4: Size: 0x3df40
1864918.46d4: NT Headers: 0xf0
1874918.46d4: Timestamp: 0x5b7ceab5
1884918.46d4: Machine: 0x8664 - amd64
1894918.46d4: Timestamp: 0x5b7ceab5
1904918.46d4: Image Version: 0.0
1914918.46d4: SizeOfImage: 0x59000 (364544)
1924918.46d4: Resource Dir: 0x57000 LB 0x380
1934918.46d4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1944918.46d4: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1954918.46d4: ProductName: SYSCORE
1964918.46d4: ProductVersion: 18.9.0.174
1974918.46d4: FileVersion: SYSCORE.18.9.0.174
1984918.46d4: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
1994918.46d4: FileDescription: Anti-Virus Mini-Firewall Driver
2004918.46d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2014918.46d4: Calling main()
2024918.46d4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2034918.46d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2044918.46d4: SUPR3HardenedMain: Respawn #1
2054918.46d4: System32: \Device\HarddiskVolume3\Windows\System32
2064918.46d4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2074918.46d4: KnownDllPath: C:\Windows\System32
2084918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2094918.46d4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2104918.46d4: supR3HardNtEnableThreadCreation:
2114918.46d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
2124918.46d4: supR3HardenedWinDoReSpawn(1): New child 45d8.2e30 [kernel32].
2134918.46d4: supR3HardNtChildGatherData: PebBaseAddress=00000000002a4000 cbPeb=0x388
2144918.46d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000
2154918.46d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90
2164918.46d4: supR3HardenedWinSetupChildInit: Start child.
2174918.46d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2184918.46d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 59 sleeps
2194918.46d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2204918.46d4: *0000000000000000-00000000000affff 0x0001/0x0000 0x0000000
2214918.46d4: *00000000000b0000-00000000000cffff 0x0004/0x0004 0x0020000
2224918.46d4: *00000000000d0000-00000000000e8fff 0x0002/0x0002 0x0040000
2234918.46d4: 00000000000e9000-00000000000effff 0x0001/0x0000 0x0000000
2244918.46d4: *00000000000f0000-00000000001eafff 0x0000/0x0004 0x0020000
2254918.46d4: 00000000001eb000-00000000001edfff 0x0104/0x0004 0x0020000
2264918.46d4: 00000000001ee000-00000000001effff 0x0004/0x0004 0x0020000
2274918.46d4: *00000000001f0000-00000000001f3fff 0x0002/0x0002 0x0040000
2284918.46d4: 00000000001f4000-00000000001fffff 0x0001/0x0000 0x0000000
2294918.46d4: *0000000000200000-00000000002a3fff 0x0000/0x0004 0x0020000
2304918.46d4: 00000000002a4000-00000000002a6fff 0x0004/0x0004 0x0020000
2314918.46d4: 00000000002a7000-00000000003fffff 0x0000/0x0004 0x0020000
2324918.46d4: *0000000000400000-0000000000400fff 0x0004/0x0004 0x0020000
2334918.46d4: 0000000000401000-000000007ffdffff 0x0001/0x0000 0x0000000
2344918.46d4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2354918.46d4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
2364918.46d4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
2374918.46d4: 000000007ffe6000-00007ff5abb2ffff 0x0001/0x0000 0x0000000
2384918.46d4: *00007ff5abb30000-00007ff5abb52fff 0x0002/0x0002 0x0040000
2394918.46d4: 00007ff5abb53000-00007ff69b42ffff 0x0001/0x0000 0x0000000
2404918.46d4: *00007ff69b430000-00007ff69b430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2414918.46d4: 00007ff69b431000-00007ff69b4a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2424918.46d4: 00007ff69b4a4000-00007ff69b4a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2434918.46d4: 00007ff69b4a5000-00007ff69b4ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2444918.46d4: 00007ff69b4ec000-00007ff69b4ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2454918.46d4: 00007ff69b4ed000-00007ff69b4edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2464918.46d4: 00007ff69b4ee000-00007ff69b4f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2474918.46d4: 00007ff69b4f3000-00007ff69b4f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2484918.46d4: 00007ff69b4f4000-00007ff69b4f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2494918.46d4: 00007ff69b4f5000-00007ff69b4f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2504918.46d4: 00007ff69b4f9000-00007ff69b541fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2514918.46d4: 00007ff69b542000-00007ffb23e8ffff 0x0001/0x0000 0x0000000
2524918.46d4: *00007ffb23e90000-00007ffb23e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2534918.46d4: 00007ffb23e91000-00007ffb23f9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2544918.46d4: 00007ffb23fa0000-00007ffb23fe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2554918.46d4: 00007ffb23fe6000-00007ffb23ff0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2564918.46d4: 00007ffb23ff1000-00007ffb23ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2574918.46d4: 00007ffb23fff000-00007ffb23ffffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2584918.46d4: 00007ffb24000000-00007ffb24002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2594918.46d4: 00007ffb24003000-00007ffb24070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2604918.46d4: 00007ffb24071000-00007ffffffeffff 0x0001/0x0000 0x0000000
2614918.46d4: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
2624918.46d4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2634918.46d4: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2644918.46d4: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
26545d8.2e30: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
26645d8.2e30: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00
26745d8.2e30: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
2684918.46d4: supR3HardNtEnableThreadCreation:
26945d8.2e30: New simple heap: #1 0000000000510000 LB 0x400000 (for 1970176 allocation)
27045d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
27145d8.2e30: System32: \Device\HarddiskVolume3\Windows\System32
27245d8.2e30: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
27345d8.2e30: KnownDllPath: C:\Windows\System32
27445d8.2e30: supR3HardenedVmProcessInit: Opening vboxdrv stub...
27545d8.2e30: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
27645d8.2e30: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
27745d8.2e30: Registered Dll notification callback with NTDLL.
27845d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
27945d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
28045d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
28145d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
28245d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
28345d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
28445d8.2e30: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
28545d8.2e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
28645d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL'
28745d8.2e30: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
28845d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
28945d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
29045d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
29145d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
2924918.46d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 77 ms.
29345d8.2e30: \SystemRoot\System32\ntdll.dll:
29445d8.2e30: CreationTime: 2018-12-12T16:22:11.967963000Z
29545d8.2e30: LastWriteTime: 2018-12-08T08:04:53.786979100Z
29645d8.2e30: ChangeTime: 2018-12-20T17:28:16.091009200Z
29745d8.2e30: FileAttributes: 0x20
29845d8.2e30: Size: 0x1da720
29945d8.2e30: NT Headers: 0xe8
30045d8.2e30: Timestamp: 0x7e614c22
30145d8.2e30: Machine: 0x8664 - amd64
30245d8.2e30: Timestamp: 0x7e614c22
30345d8.2e30: Image Version: 10.0
30445d8.2e30: SizeOfImage: 0x1e1000 (1970176)
30545d8.2e30: Resource Dir: 0x174000 LB 0x6b3e8
30645d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
30745d8.2e30: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
30845d8.2e30: ProductName: Microsoft® Windows® Operating System
30945d8.2e30: ProductVersion: 10.0.17134.471
31045d8.2e30: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
31145d8.2e30: FileDescription: NT Layer DLL
31245d8.2e30: \SystemRoot\System32\kernel32.dll:
31345d8.2e30: CreationTime: 2018-04-11T23:34:40.510607900Z
31445d8.2e30: LastWriteTime: 2018-04-11T23:34:40.510607900Z
31545d8.2e30: ChangeTime: 2018-08-02T10:52:14.292003200Z
31645d8.2e30: FileAttributes: 0x20
31745d8.2e30: Size: 0xafef8
31845d8.2e30: NT Headers: 0xe8
31945d8.2e30: Timestamp: 0x5f488a51
32045d8.2e30: Machine: 0x8664 - amd64
32145d8.2e30: Timestamp: 0x5f488a51
32245d8.2e30: Image Version: 10.0
32345d8.2e30: SizeOfImage: 0xb2000 (729088)
32445d8.2e30: Resource Dir: 0xb0000 LB 0x520
32545d8.2e30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32645d8.2e30: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
32745d8.2e30: ProductName: Microsoft® Windows® Operating System
32845d8.2e30: ProductVersion: 10.0.17134.1
32945d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
33045d8.2e30: FileDescription: Windows NT BASE API Client DLL
33145d8.2e30: \SystemRoot\System32\KernelBase.dll:
33245d8.2e30: CreationTime: 2018-11-27T20:43:23.300474400Z
33345d8.2e30: LastWriteTime: 2018-11-09T02:47:52.285920600Z
33445d8.2e30: ChangeTime: 2018-12-20T17:28:16.089057400Z
33545d8.2e30: FileAttributes: 0x20
33645d8.2e30: Size: 0x273b78
33745d8.2e30: NT Headers: 0xf0
33845d8.2e30: Timestamp: 0x428de48c
33945d8.2e30: Machine: 0x8664 - amd64
34045d8.2e30: Timestamp: 0x428de48c
34145d8.2e30: Image Version: 10.0
34245d8.2e30: SizeOfImage: 0x273000 (2568192)
34345d8.2e30: Resource Dir: 0x251000 LB 0x548
34445d8.2e30: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
34545d8.2e30: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
34645d8.2e30: ProductName: Microsoft® Windows® Operating System
34745d8.2e30: ProductVersion: 10.0.17134.441
34845d8.2e30: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
34945d8.2e30: FileDescription: Windows NT BASE API Client DLL
35045d8.2e30: \SystemRoot\System32\apisetschema.dll:
35145d8.2e30: CreationTime: 2018-04-11T23:34:44.042150700Z
35245d8.2e30: LastWriteTime: 2018-04-11T23:34:44.042150700Z
35345d8.2e30: ChangeTime: 2018-08-02T11:35:09.677325500Z
35445d8.2e30: FileAttributes: 0x20
35545d8.2e30: Size: 0x1bd98
35645d8.2e30: NT Headers: 0xd0
35745d8.2e30: Timestamp: 0xd02ff418
35845d8.2e30: Machine: 0x8664 - amd64
35945d8.2e30: Timestamp: 0xd02ff418
36045d8.2e30: Image Version: 10.0
36145d8.2e30: SizeOfImage: 0x1c000 (114688)
36245d8.2e30: Resource Dir: 0x1b000 LB 0x408
36345d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
36445d8.2e30: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
36545d8.2e30: ProductName: Microsoft® Windows® Operating System
36645d8.2e30: ProductVersion: 10.0.17134.1
36745d8.2e30: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
36845d8.2e30: FileDescription: ApiSet Schema DLL
36945d8.2e30: NtOpenDirectoryObject failed on \Driver: 0xc0000022
37045d8.2e30: supR3HardenedWinFindAdversaries: 0x20
37145d8.2e30: \SystemRoot\System32\drivers\cfwids.sys:
37245d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
37345d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
37445d8.2e30: ChangeTime: 2018-12-26T04:19:44.333339400Z
37545d8.2e30: FileAttributes: 0x20
37645d8.2e30: Size: 0x12d40
37745d8.2e30: NT Headers: 0xf0
37845d8.2e30: Timestamp: 0x5b7cebbe
37945d8.2e30: Machine: 0x8664 - amd64
38045d8.2e30: Timestamp: 0x5b7cebbe
38145d8.2e30: Image Version: 0.0
38245d8.2e30: SizeOfImage: 0x14000 (81920)
38345d8.2e30: Resource Dir: 0x12000 LB 0x550
38445d8.2e30: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
38545d8.2e30: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
38645d8.2e30: ProductName: SYSCORE
38745d8.2e30: ProductVersion: 18.9.0.174
38845d8.2e30: FileVersion: SYSCORE.18.9.0.174
38945d8.2e30: PrivateBuild: SYSCORE.18.9.0.174
39045d8.2e30: FileDescription: McAfee Personal Firewall IDS Plugin
39145d8.2e30: \SystemRoot\System32\drivers\mfeavfk.sys:
39245d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
39345d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
39445d8.2e30: ChangeTime: 2018-12-26T04:19:44.054118000Z
39545d8.2e30: FileAttributes: 0x20
39645d8.2e30: Size: 0x5ab40
39745d8.2e30: NT Headers: 0xe8
39845d8.2e30: Timestamp: 0x5b7ceb01
39945d8.2e30: Machine: 0x8664 - amd64
40045d8.2e30: Timestamp: 0x5b7ceb01
40145d8.2e30: Image Version: 0.0
40245d8.2e30: SizeOfImage: 0x5b000 (372736)
40345d8.2e30: Resource Dir: 0x59000 LB 0x758
40445d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
40545d8.2e30: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
40645d8.2e30: ProductName: SYSCORE
40745d8.2e30: ProductVersion: 18.9.0.174
40845d8.2e30: FileVersion: SYSCORE.18.9.0.174
40945d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
41045d8.2e30: FileDescription: Anti-Virus File System Filter Driver
41145d8.2e30: \SystemRoot\System32\drivers\mfefirek.sys:
41245d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
41345d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
41445d8.2e30: ChangeTime: 2018-12-26T04:19:43.925830500Z
41545d8.2e30: FileAttributes: 0x20
41645d8.2e30: Size: 0x7dd40
41745d8.2e30: NT Headers: 0xf0
41845d8.2e30: Timestamp: 0x5b7ceb8a
41945d8.2e30: Machine: 0x8664 - amd64
42045d8.2e30: Timestamp: 0x5b7ceb8a
42145d8.2e30: Image Version: 0.0
42245d8.2e30: SizeOfImage: 0x7f000 (520192)
42345d8.2e30: Resource Dir: 0x7b000 LB 0x388
42445d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
42545d8.2e30: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
42645d8.2e30: ProductName: SYSCORE
42745d8.2e30: ProductVersion: 18.9.0.174
42845d8.2e30: FileVersion: SYSCORE.18.9.0.174
42945d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
43045d8.2e30: FileDescription: McAfee Core Firewall Engine Driver
43145d8.2e30: \SystemRoot\System32\drivers\mfehidk.sys:
43245d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
43345d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
43445d8.2e30: ChangeTime: 2018-12-26T04:19:39.056247500Z
43545d8.2e30: FileAttributes: 0x20
43645d8.2e30: Size: 0xee140
43745d8.2e30: NT Headers: 0x108
43845d8.2e30: Timestamp: 0x5b7cea9c
43945d8.2e30: Machine: 0x8664 - amd64
44045d8.2e30: Timestamp: 0x5b7cea9c
44145d8.2e30: Image Version: 0.0
44245d8.2e30: SizeOfImage: 0xf7000 (1011712)
44345d8.2e30: Resource Dir: 0xf3000 LB 0x758
44445d8.2e30: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
44545d8.2e30: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
44645d8.2e30: ProductName: SYSCORE
44745d8.2e30: ProductVersion: 18.9.0.174
44845d8.2e30: FileVersion: SYSCORE.18.9.0.174
44945d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
45045d8.2e30: FileDescription: McAfee Link Driver
45145d8.2e30: \SystemRoot\System32\drivers\mfencbdc.sys:
45245d8.2e30: CreationTime: 2017-11-21T07:48:58.000000000Z
45345d8.2e30: LastWriteTime: 2018-10-02T17:09:34.000000000Z
45445d8.2e30: ChangeTime: 2018-12-26T04:20:13.928345700Z
45545d8.2e30: FileAttributes: 0x20
45645d8.2e30: Size: 0x88f30
45745d8.2e30: NT Headers: 0xe0
45845d8.2e30: Timestamp: 0x5b843d50
45945d8.2e30: Machine: 0x8664 - amd64
46045d8.2e30: Timestamp: 0x5b843d50
46145d8.2e30: Image Version: 0.0
46245d8.2e30: SizeOfImage: 0x8c000 (573440)
46345d8.2e30: Resource Dir: 0x8a000 LB 0x3e0
46445d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
46545d8.2e30: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
46645d8.2e30: ProductName: Anti-Malware Core
46745d8.2e30: ProductVersion: 18.9.0
46845d8.2e30: FileVersion: Anti-Malware Core.18.9.0.284.x64
46945d8.2e30: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
47045d8.2e30: FileDescription: Event Driver
47145d8.2e30: \SystemRoot\System32\drivers\mfewfpk.sys:
47245d8.2e30: CreationTime: 2018-01-31T17:06:48.000000000Z
47345d8.2e30: LastWriteTime: 2018-10-04T08:27:26.000000000Z
47445d8.2e30: ChangeTime: 2018-12-26T04:18:31.226499400Z
47545d8.2e30: FileAttributes: 0x20
47645d8.2e30: Size: 0x3df40
47745d8.2e30: NT Headers: 0xf0
47845d8.2e30: Timestamp: 0x5b7ceab5
47945d8.2e30: Machine: 0x8664 - amd64
48045d8.2e30: Timestamp: 0x5b7ceab5
48145d8.2e30: Image Version: 0.0
48245d8.2e30: SizeOfImage: 0x59000 (364544)
48345d8.2e30: Resource Dir: 0x57000 LB 0x380
48445d8.2e30: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
48545d8.2e30: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
48645d8.2e30: ProductName: SYSCORE
48745d8.2e30: ProductVersion: 18.9.0.174
48845d8.2e30: FileVersion: SYSCORE.18.9.0.174
48945d8.2e30: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
49045d8.2e30: FileDescription: Anti-Virus Mini-Firewall Driver
49145d8.2e30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
49245d8.2e30: Calling main()
49345d8.2e30: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
49445d8.2e30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
49545d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
49645d8.2e30: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
49745d8.2e30: SUPR3HardenedMain: Respawn #2
49845d8.2e30: supR3HardNtEnableThreadCreation:
49945d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
50045d8.2e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
50145d8.2e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
50245d8.2e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
50345d8.2e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
50445d8.2e30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
50545d8.2e30: supR3HardenedWinDoReSpawn(2): New child 4564.534 [kernel32].
50645d8.2e30: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
50745d8.2e30: supR3HardNtChildGatherData: PebBaseAddress=0000000000a46000 cbPeb=0x388
50845d8.2e30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb23e90000 uNtDllChildAddr=00007ffb23e90000
50945d8.2e30: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb23f04f90
51045d8.2e30: supR3HardenedWinSetupChildInit: Start child.
51145d8.2e30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
51245d8.2e30: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 59 sleeps
51345d8.2e30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
51445d8.2e30: *0000000000000000-00000000008affff 0x0001/0x0000 0x0000000
51545d8.2e30: *00000000008b0000-00000000008cffff 0x0004/0x0004 0x0020000
51645d8.2e30: *00000000008d0000-00000000008e8fff 0x0002/0x0002 0x0040000
51745d8.2e30: 00000000008e9000-00000000008effff 0x0001/0x0000 0x0000000
51845d8.2e30: *00000000008f0000-00000000009eafff 0x0000/0x0004 0x0020000
51945d8.2e30: 00000000009eb000-00000000009edfff 0x0104/0x0004 0x0020000
52045d8.2e30: 00000000009ee000-00000000009effff 0x0004/0x0004 0x0020000
52145d8.2e30: *00000000009f0000-00000000009f3fff 0x0002/0x0002 0x0040000
52245d8.2e30: 00000000009f4000-00000000009fffff 0x0001/0x0000 0x0000000
52345d8.2e30: *0000000000a00000-0000000000a45fff 0x0000/0x0004 0x0020000
52445d8.2e30: 0000000000a46000-0000000000a48fff 0x0004/0x0004 0x0020000
52545d8.2e30: 0000000000a49000-0000000000bfffff 0x0000/0x0004 0x0020000
52645d8.2e30: *0000000000c00000-0000000000c00fff 0x0004/0x0004 0x0020000
52745d8.2e30: 0000000000c01000-000000007ffdffff 0x0001/0x0000 0x0000000
52845d8.2e30: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
52945d8.2e30: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
53045d8.2e30: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
53145d8.2e30: 000000007ffe6000-00007ff5f14fffff 0x0001/0x0000 0x0000000
53245d8.2e30: *00007ff5f1500000-00007ff5f1522fff 0x0002/0x0002 0x0040000
53345d8.2e30: 00007ff5f1523000-00007ff69b42ffff 0x0001/0x0000 0x0000000
53445d8.2e30: *00007ff69b430000-00007ff69b430fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53545d8.2e30: 00007ff69b431000-00007ff69b4a3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53645d8.2e30: 00007ff69b4a4000-00007ff69b4a4fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53745d8.2e30: 00007ff69b4a5000-00007ff69b4ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53845d8.2e30: 00007ff69b4ec000-00007ff69b4ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53945d8.2e30: 00007ff69b4ed000-00007ff69b4edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54045d8.2e30: 00007ff69b4ee000-00007ff69b4f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54145d8.2e30: 00007ff69b4f3000-00007ff69b4f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54245d8.2e30: 00007ff69b4f4000-00007ff69b4f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54345d8.2e30: 00007ff69b4f5000-00007ff69b4f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54445d8.2e30: 00007ff69b4f9000-00007ff69b541fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54545d8.2e30: 00007ff69b542000-00007ffb23e8ffff 0x0001/0x0000 0x0000000
54645d8.2e30: *00007ffb23e90000-00007ffb23e90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
54745d8.2e30: 00007ffb23e91000-00007ffb23f9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
54845d8.2e30: 00007ffb23fa0000-00007ffb23fe5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
54945d8.2e30: 00007ffb23fe6000-00007ffb23ff0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
55045d8.2e30: 00007ffb23ff1000-00007ffb23ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
55145d8.2e30: 00007ffb23fff000-00007ffb23ffffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
55245d8.2e30: 00007ffb24000000-00007ffb24002fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
55345d8.2e30: 00007ffb24003000-00007ffb24070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
55445d8.2e30: 00007ffb24071000-00007ffffffeffff 0x0001/0x0000 0x0000000
55545d8.2e30: VirtualBoxVM.exe: timestamp 0x5c18e1cd (rc=VINF_SUCCESS)
55645d8.2e30: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
55745d8.2e30: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
55845d8.2e30: supR3HardNtChildPurify: Done after 576 ms and 0 fixes (loop #0).
5594564.534: Log file opened: 6.0.0r127566 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
5604564.534: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb23e90000 g_uNtVerCombined=0xa042ee00
56145d8.2e30: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000510000 LB 0x400000)
56245d8.2e30: supR3HardNtEnableThreadCreation:
5634564.534: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
5644564.534: New simple heap: #1 0000000000d10000 LB 0x400000 (for 1970176 allocation)
5654564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
5664564.534: System32: \Device\HarddiskVolume3\Windows\System32
5674564.534: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
5684564.534: KnownDllPath: C:\Windows\System32
5694564.534: supR3HardenedVmProcessInit: Opening vboxdrv...
5704564.534: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5714564.534: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5724564.534: Registered Dll notification callback with NTDLL.
5734564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
5744564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
5754564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
5764564.534: supR3HardenedDllNotificationCallback: load 00007ffb20570000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
5774564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
5784564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
5794564.534: supR3HardenedDllNotificationCallback: load 00007ffb23da0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
5804564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5814564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\KERNEL32.DLL'
5824564.534: supR3HardenedDllNotificationCallback: load 00007ff69b430000 LB 0x00112000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
5834564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
5844564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
5854564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
5864564.534: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb23f04f90 pvNtTerminateThread=00007ffb23f2b3f0
58745d8.2e30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 98 ms.
5884564.534: \SystemRoot\System32\ntdll.dll:
5894564.534: CreationTime: 2018-12-12T16:22:11.967963000Z
5904564.534: LastWriteTime: 2018-12-08T08:04:53.786979100Z
5914564.534: ChangeTime: 2018-12-20T17:28:16.091009200Z
5924564.534: FileAttributes: 0x20
5934564.534: Size: 0x1da720
5944564.534: NT Headers: 0xe8
5954564.534: Timestamp: 0x7e614c22
5964564.534: Machine: 0x8664 - amd64
5974564.534: Timestamp: 0x7e614c22
5984564.534: Image Version: 10.0
5994564.534: SizeOfImage: 0x1e1000 (1970176)
6004564.534: Resource Dir: 0x174000 LB 0x6b3e8
6014564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6024564.534: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6034564.534: ProductName: Microsoft® Windows® Operating System
6044564.534: ProductVersion: 10.0.17134.471
6054564.534: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
6064564.534: FileDescription: NT Layer DLL
6074564.534: \SystemRoot\System32\kernel32.dll:
6084564.534: CreationTime: 2018-04-11T23:34:40.510607900Z
6094564.534: LastWriteTime: 2018-04-11T23:34:40.510607900Z
6104564.534: ChangeTime: 2018-08-02T10:52:14.292003200Z
6114564.534: FileAttributes: 0x20
6124564.534: Size: 0xafef8
6134564.534: NT Headers: 0xe8
6144564.534: Timestamp: 0x5f488a51
6154564.534: Machine: 0x8664 - amd64
6164564.534: Timestamp: 0x5f488a51
6174564.534: Image Version: 10.0
6184564.534: SizeOfImage: 0xb2000 (729088)
6194564.534: Resource Dir: 0xb0000 LB 0x520
6204564.534: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6214564.534: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6224564.534: ProductName: Microsoft® Windows® Operating System
6234564.534: ProductVersion: 10.0.17134.1
6244564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
6254564.534: FileDescription: Windows NT BASE API Client DLL
6264564.534: \SystemRoot\System32\KernelBase.dll:
6274564.534: CreationTime: 2018-11-27T20:43:23.300474400Z
6284564.534: LastWriteTime: 2018-11-09T02:47:52.285920600Z
6294564.534: ChangeTime: 2018-12-20T17:28:16.089057400Z
6304564.534: FileAttributes: 0x20
6314564.534: Size: 0x273b78
6324564.534: NT Headers: 0xf0
6334564.534: Timestamp: 0x428de48c
6344564.534: Machine: 0x8664 - amd64
6354564.534: Timestamp: 0x428de48c
6364564.534: Image Version: 10.0
6374564.534: SizeOfImage: 0x273000 (2568192)
6384564.534: Resource Dir: 0x251000 LB 0x548
6394564.534: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6404564.534: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6414564.534: ProductName: Microsoft® Windows® Operating System
6424564.534: ProductVersion: 10.0.17134.441
6434564.534: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
6444564.534: FileDescription: Windows NT BASE API Client DLL
6454564.534: \SystemRoot\System32\apisetschema.dll:
6464564.534: CreationTime: 2018-04-11T23:34:44.042150700Z
6474564.534: LastWriteTime: 2018-04-11T23:34:44.042150700Z
6484564.534: ChangeTime: 2018-08-02T11:35:09.677325500Z
6494564.534: FileAttributes: 0x20
6504564.534: Size: 0x1bd98
6514564.534: NT Headers: 0xd0
6524564.534: Timestamp: 0xd02ff418
6534564.534: Machine: 0x8664 - amd64
6544564.534: Timestamp: 0xd02ff418
6554564.534: Image Version: 10.0
6564564.534: SizeOfImage: 0x1c000 (114688)
6574564.534: Resource Dir: 0x1b000 LB 0x408
6584564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6594564.534: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6604564.534: ProductName: Microsoft® Windows® Operating System
6614564.534: ProductVersion: 10.0.17134.1
6624564.534: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
6634564.534: FileDescription: ApiSet Schema DLL
6644564.534: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6654564.534: supR3HardenedWinFindAdversaries: 0x20
6664564.534: \SystemRoot\System32\drivers\cfwids.sys:
6674564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
6684564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
6694564.534: ChangeTime: 2018-12-26T04:19:44.333339400Z
6704564.534: FileAttributes: 0x20
6714564.534: Size: 0x12d40
6724564.534: NT Headers: 0xf0
6734564.534: Timestamp: 0x5b7cebbe
6744564.534: Machine: 0x8664 - amd64
6754564.534: Timestamp: 0x5b7cebbe
6764564.534: Image Version: 0.0
6774564.534: SizeOfImage: 0x14000 (81920)
6784564.534: Resource Dir: 0x12000 LB 0x550
6794564.534: [Version info resource found at 0x80! (ID/Name: 0x1; SubID/SubName: 0x409)]
6804564.534: [Raw version resource data: 0x120a0 LB 0x318, codepage 0x0 (reserved 0x0)]
6814564.534: ProductName: SYSCORE
6824564.534: ProductVersion: 18.9.0.174
6834564.534: FileVersion: SYSCORE.18.9.0.174
6844564.534: PrivateBuild: SYSCORE.18.9.0.174
6854564.534: FileDescription: McAfee Personal Firewall IDS Plugin
6864564.534: \SystemRoot\System32\drivers\mfeavfk.sys:
6874564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
6884564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
6894564.534: ChangeTime: 2018-12-26T04:19:44.054118000Z
6904564.534: FileAttributes: 0x20
6914564.534: Size: 0x5ab40
6924564.534: NT Headers: 0xe8
6934564.534: Timestamp: 0x5b7ceb01
6944564.534: Machine: 0x8664 - amd64
6954564.534: Timestamp: 0x5b7ceb01
6964564.534: Image Version: 0.0
6974564.534: SizeOfImage: 0x5b000 (372736)
6984564.534: Resource Dir: 0x59000 LB 0x758
6994564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7004564.534: [Raw version resource data: 0x59110 LB 0x334, codepage 0x0 (reserved 0x0)]
7014564.534: ProductName: SYSCORE
7024564.534: ProductVersion: 18.9.0.174
7034564.534: FileVersion: SYSCORE.18.9.0.174
7044564.534: PrivateBuild: SYSCORE.18.9.0.174 F15,F16,F19
7054564.534: FileDescription: Anti-Virus File System Filter Driver
7064564.534: \SystemRoot\System32\drivers\mfefirek.sys:
7074564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
7084564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
7094564.534: ChangeTime: 2018-12-26T04:19:43.925830500Z
7104564.534: FileAttributes: 0x20
7114564.534: Size: 0x7dd40
7124564.534: NT Headers: 0xf0
7134564.534: Timestamp: 0x5b7ceb8a
7144564.534: Machine: 0x8664 - amd64
7154564.534: Timestamp: 0x5b7ceb8a
7164564.534: Image Version: 0.0
7174564.534: SizeOfImage: 0x7f000 (520192)
7184564.534: Resource Dir: 0x7b000 LB 0x388
7194564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7204564.534: [Raw version resource data: 0x7b060 LB 0x328, codepage 0x0 (reserved 0x0)]
7214564.534: ProductName: SYSCORE
7224564.534: ProductVersion: 18.9.0.174
7234564.534: FileVersion: SYSCORE.18.9.0.174
7244564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
7254564.534: FileDescription: McAfee Core Firewall Engine Driver
7264564.534: \SystemRoot\System32\drivers\mfehidk.sys:
7274564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
7284564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
7294564.534: ChangeTime: 2018-12-26T04:19:39.056247500Z
7304564.534: FileAttributes: 0x20
7314564.534: Size: 0xee140
7324564.534: NT Headers: 0x108
7334564.534: Timestamp: 0x5b7cea9c
7344564.534: Machine: 0x8664 - amd64
7354564.534: Timestamp: 0x5b7cea9c
7364564.534: Image Version: 0.0
7374564.534: SizeOfImage: 0xf7000 (1011712)
7384564.534: Resource Dir: 0xf3000 LB 0x758
7394564.534: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7404564.534: [Raw version resource data: 0xf3110 LB 0x320, codepage 0x0 (reserved 0x0)]
7414564.534: ProductName: SYSCORE
7424564.534: ProductVersion: 18.9.0.174
7434564.534: FileVersion: SYSCORE.18.9.0.174
7444564.534: PrivateBuild: SYSCORE.18.9.0.174 F14,F15,F16,F18,F20
7454564.534: FileDescription: McAfee Link Driver
7464564.534: \SystemRoot\System32\drivers\mfencbdc.sys:
7474564.534: CreationTime: 2017-11-21T07:48:58.000000000Z
7484564.534: LastWriteTime: 2018-10-02T17:09:34.000000000Z
7494564.534: ChangeTime: 2018-12-26T04:20:13.928345700Z
7504564.534: FileAttributes: 0x20
7514564.534: Size: 0x88f30
7524564.534: NT Headers: 0xe0
7534564.534: Timestamp: 0x5b843d50
7544564.534: Machine: 0x8664 - amd64
7554564.534: Timestamp: 0x5b843d50
7564564.534: Image Version: 0.0
7574564.534: SizeOfImage: 0x8c000 (573440)
7584564.534: Resource Dir: 0x8a000 LB 0x3e0
7594564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7604564.534: [Raw version resource data: 0x8a060 LB 0x380, codepage 0x0 (reserved 0x0)]
7614564.534: ProductName: Anti-Malware Core
7624564.534: ProductVersion: 18.9.0
7634564.534: FileVersion: Anti-Malware Core.18.9.0.284.x64
7644564.534: PrivateBuild: Anti-Malware Core.18.9.0.284.x64
7654564.534: FileDescription: Event Driver
7664564.534: \SystemRoot\System32\drivers\mfewfpk.sys:
7674564.534: CreationTime: 2018-01-31T17:06:48.000000000Z
7684564.534: LastWriteTime: 2018-10-04T08:27:26.000000000Z
7694564.534: ChangeTime: 2018-12-26T04:18:31.226499400Z
7704564.534: FileAttributes: 0x20
7714564.534: Size: 0x3df40
7724564.534: NT Headers: 0xf0
7734564.534: Timestamp: 0x5b7ceab5
7744564.534: Machine: 0x8664 - amd64
7754564.534: Timestamp: 0x5b7ceab5
7764564.534: Image Version: 0.0
7774564.534: SizeOfImage: 0x59000 (364544)
7784564.534: Resource Dir: 0x57000 LB 0x380
7794564.534: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7804564.534: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
7814564.534: ProductName: SYSCORE
7824564.534: ProductVersion: 18.9.0.174
7834564.534: FileVersion: SYSCORE.18.9.0.174
7844564.534: PrivateBuild: SYSCORE.18.9.0.174 F17,F18
7854564.534: FileDescription: Anti-Virus Mini-Firewall Driver
7864564.534: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7874564.534: Calling main()
7884564.534: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
7894564.534: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7904564.534: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7914564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7924564.534: SUPR3HardenedMain: Final process, opening VBoxDrv...
7934564.534: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d10000 LB 0x400000)
7944564.534: supR3HardNtEnableThreadCreation:
7954564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7964564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7974564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
7984564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7994564.534: supR3HardenedDllNotificationCallback: load 00007ffb18610000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8004564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8014564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8024564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8034564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8054564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8064564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18610000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8084564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8094564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
8104564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8114564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8124564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
8134564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
8144564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8164564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
8174564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
8184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8204564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
8214564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
8224564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
8234564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8254564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
8264564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
8274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8294564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
8304564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
8314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8324564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8334564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8344564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8354564.534: supR3HardenedDllNotificationCallback: load 00007ffb23890000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
8364564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8374564.534: supR3HardenedDllNotificationCallback: load 00007ffb201a0000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
8384564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8394564.534: supR3HardenedDllNotificationCallback: load 00007ffb21220000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
8404564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
8414564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
8424564.534: supR3HardenedDllNotificationCallback: load 00007ffb20310000 LB 0x001e2000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
8434564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8444564.534: supR3HardenedDllNotificationCallback: load 00007ffb23090000 LB 0x00124000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
8454564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8464564.534: supR3HardenedDllNotificationCallback: load 00007ffb23430000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
8474564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
8484564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
8494564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
8504564.534: supR3HardenedDllNotificationCallback: load 00007ffb23960000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
8514564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8524564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
8534564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
8544564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8554564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8564564.534: supR3HardenedDllNotificationCallback: load 00007ffb21020000 LB 0x00057000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
8574564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8584564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8594564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8604564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0'
8614564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8624564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1'
8644564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
8654564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8664564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-fibers-l1-1-1'
8674564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
8684564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8694564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-synch-l1-2-0'
8704564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
8714564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8724564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-1'
8734564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll'
8744564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
8754564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
8764564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8774564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8784564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8794564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
8804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
8814564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8824564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8844564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8864564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8874564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8884564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
8894564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8904564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fd00000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
8914564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8924564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1fd00000 'C:\Windows\system32\bcrypt.dll'
8934564.534: bcrypt.dll loaded at 00007ffb1fd00000, BCryptOpenAlgorithmProvider at 00007ffb1fd02770, preloading providers:
8944564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
8954564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
8964564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8974564.534: supR3HardenedDllNotificationCallback: load 00007ffb20fa0000 LB 0x0007a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
8984564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8994564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20fa0000 'C:\Windows\system32\bcryptprimitives.dll'
9004564.534: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000001125120)
9014564.534: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000112c620)
9024564.534: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000112f9a0)
9034564.534: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000112fc70)
9044564.534: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000112ff40)
9054564.534: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001130210)
9064564.534: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000011304e0)
9074564.534: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000011307b0)
9084564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
9094564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
9104564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbd0000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9114564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9124564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
9134564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
9144564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9174564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9184564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9194564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9204564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f5d0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9214564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9224564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
9234564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
9244564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
9254564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
9264564.534: supR3HardenedDllNotificationCallback: load 00007ffb1fbf0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9274564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9284564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9294564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9314564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9324564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9334564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
9344564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9354564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9364564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\System32\WINTRUST.DLL'
9374564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9384564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\CRYPT32.dll'
9404564.534: supR3HardenedDllNotificationCallback: load 00007ffb23930000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
9414564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
9424564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
9434564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9444564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
9464564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9474564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9484564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
9494564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
9504564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eea0000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
9514564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9524564.534: supR3HardenedDllNotificationCallback: load 00007ffb20220000 LB 0x0001f000 C:\Windows\System32\profapi.dll [fFlags=0x0]
9534564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
9544564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
9554564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9564564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9574564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
9584564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9594564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9604564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9614564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9624564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9644564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9664564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9674564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9704564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9714564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9724564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9734564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e570000 LB 0x0002e000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
9744564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9754564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9764564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9774564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9784564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9794564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9804564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9814564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9824564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9834564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9844564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9854564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9864564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9874564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9884564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9894564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9904564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9914564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9924564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9934564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9944564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9954564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9964564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9974564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9984564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
9994564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10004564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
10014564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10024564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
10034564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
10044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
10054564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e570000 'C:\Windows\System32\cryptnet.dll'
10064564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10074564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10084564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10094564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10104564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10124564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10134564.534: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001153800
10144564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
10154564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D718C6590C8EC69621641D918F7E93AE14B7CE0C
10164564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10174564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10184564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23090000 'C:\Windows\System32\rpcrt4.dll'
10194564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10204564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10214564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10224564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10234564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10254564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1759_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
10264564.534: g_pfnWinVerifyTrust=00007ffb21029940
10274564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10284564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10294564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10314564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10324564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10334564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10344564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
10354564.534: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10364564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10374564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10384564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10394564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10404564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10414564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10424564.534: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
10434564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10444564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
10454564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
10464564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
10474564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10484564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10494564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10504564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10514564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10524564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10534564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
10544564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10554564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10564564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10574564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
10584564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10594564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10604564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10614564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
10624564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10644564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10654564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
10664564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10674564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10684564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10694564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
10704564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10714564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10724564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10734564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
10744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10754564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10764564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
10774564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10784564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
10794564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10804564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10814564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
10824564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
10834564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
10844564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10854564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10864564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
10874564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10884564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10894564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
10904564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10914564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10924564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
10934564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10944564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10954564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
10964564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
10974564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
10984564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
10994564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11004564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
11014564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
11024564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11034564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
11044564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
11054564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11064564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11084564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
11094564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11104564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
11114564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
11124564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11134564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
11144564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
11154564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll'
11164564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11174564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11184564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
11194564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11204564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
11214564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11224564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11234564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11244564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11254564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11264564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11274564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11284564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
11294564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
11304564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11314564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11324564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11334564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11344564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11354564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
11364564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11374564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11384564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11394564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11404564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11414564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11424564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11434564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11444564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11454564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11464564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11474564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11484564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
11494564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
11504564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11514564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11524564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11534564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11544564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11554564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11564564.534: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11574564.534: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11584564.534: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
11594564.534: SUPR3HardenedMain: Load Runtime...
11604564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11614564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11624564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11634564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
11644564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
11654564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11664564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11674564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11694564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11704564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
11714564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11724564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
11734564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
11744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11764564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
11774564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11784564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11794564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11814564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
11824564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11834564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11844564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
11854564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
11864564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11874564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11904564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
11914564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
11924564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
11934564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
11944564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
11954564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
11964564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
11974564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
11984564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
11994564.534: supR3HardenedDllNotificationCallback: load 0000000074eb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
12004564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
12014564.534: supR3HardenedDllNotificationCallback: load 00000000748a0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
12024564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
12034564.534: supR3HardenedDllNotificationCallback: load 00007ffb23330000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
12044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
12054564.534: supR3HardenedDllNotificationCallback: load 00007ffae4b10000 LB 0x0052a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12064564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12074564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
12084564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
12094564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12104564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12124564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12134564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12154564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12164564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12174564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12184564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12194564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12204564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12214564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12224564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12234564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12244564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12254564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12264564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12274564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12284564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12294564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12314564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12324564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12334564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12344564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12354564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12364564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12374564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12384564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12404564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12414564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12424564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12434564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12444564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12474564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12484564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12494564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12504564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12514564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12524564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
12534564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12544564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12554564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12564564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12574564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae4b10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12584564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
12594564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
12604564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21020000 'C:\Windows\system32\Wintrust.dll'
12614564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
12624564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
12634564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
12644564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
12654564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
12664564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
12674564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\system32\crypt32.dll'
12684564.534: SUPR3HardenedMain: Load TrustedMain...
12694564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
12704564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12714564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
12724564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
12734564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
12744564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
12754564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
12764564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
12774564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
12784564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12794564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12804564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
12814564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
12824564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
12834564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
12844564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
12854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12864564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12874564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
12884564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
12894564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
12904564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12914564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
12924564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
12934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12974564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
12984564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
12994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
13004564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
13014564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13024564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
13034564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
13044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13054564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13064564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
13074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
13084564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13094564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
13104564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
13114564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
13124564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
13134564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13144564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
13154564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
13164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13204564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
13214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13224564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13234564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
13244564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
13254564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
13264564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
13274564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
13284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
13294564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
13304564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
13314564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
13324564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
13334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
13344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
13354564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
13364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13384564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
13394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
13404564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
13414564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
13424564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
13434564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
13444564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
13454564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
13464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
13494564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
13504564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
13514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13534564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
13544564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13554564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13564564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
13574564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
13584564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13594564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13604564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
13614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
13624564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
13634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13664564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13674564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13704564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
13714564.534: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
13724564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
13734564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
13744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
13754564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
13764564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
13774564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
13784564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
13794564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13814564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13824564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13834564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13844564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
13854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
13864564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
13874564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
13884564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13894564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13904564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13914564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13924564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13934564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13984564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
13994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14014564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
14024564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14034564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14044564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14054564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14064564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14074564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14084564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14094564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14104564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
14114564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14124564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14134564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14144564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
14154564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14164564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14174564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14184564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14194564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14204564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14214564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14224564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
14234564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14264564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
14274564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14284564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14294564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14304564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14314564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14324564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14334564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14344564.534: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
14354564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14384564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14414564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14444564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
14454564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14464564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
14474564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
14484564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
14494564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
14504564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14524564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14534564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14544564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14554564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
14564564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14574564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14584564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14594564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14604564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14614564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14624564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14644564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14664564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14674564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14704564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
14714564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14724564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14734564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
14744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14764564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14774564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14784564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14794564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
14804564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14814564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
14824564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14834564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14844564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
14854564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
14864564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
14874564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14894564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
14904564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14924564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
14934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14954564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
14964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14984564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
14994564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
15004564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
15014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15034564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
15044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15054564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15064564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15084564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15094564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
15104564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15114564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15124564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15134564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15144564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15154564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15184564.534: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
15194564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15204564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
15214564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
15224564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
15234564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
15244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15264564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15294564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15324564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
15334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15354564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15384564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15414564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15444564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15474564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
15484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15494564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15504564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15534564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
15544564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
15554564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15564564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
15574564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
15584564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
15594564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15604564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
15624564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15644564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
15654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15664564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15674564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
15684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15704564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15714564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15724564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15734564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
15744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15764564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
15774564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15784564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15794564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
15804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15814564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15824564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
15834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15844564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15854564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15864564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
15874564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
15884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15904564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
15914564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
15924564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
15934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15954564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
15964564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
15974564.534: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
15984564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16004564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
16014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16034564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
16044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
16054564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
16064564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
16074564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
16084564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16094564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16104564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
16114564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16124564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
16134564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
16144564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16154564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
16164564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16194564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
16204564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
16214564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
16224564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
16234564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
16244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16264564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16294564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
16304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16324564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
16334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16354564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
16364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16384564.534: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
16394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16414564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16444564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16494564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
16504564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
16514564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16524564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16534564.534: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
16544564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
16554564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16564564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16574564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
16584564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16594564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16604564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
16614564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16624564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
16634564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16644564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
16654564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
16664564.534: supR3HardenedDllNotificationCallback: load 00007ffb20500000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
16674564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
16684564.534: supR3HardenedDllNotificationCallback: load 00007ffb207f0000 LB 0x0009f000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
16694564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
16704564.534: supR3HardenedDllNotificationCallback: load 00007ffb21080000 LB 0x00192000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
16714564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
16724564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
16734564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
16744564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
16754564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
16764564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
16774564.534: supR3HardenedDllNotificationCallback: load 00007ffb23060000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
16784564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
16794564.534: supR3HardenedDllNotificationCallback: load 00007ffb215d0000 LB 0x00190000 C:\Windows\System32\USER32.dll [fFlags=0x0]
16804564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
16814564.534: supR3HardenedDllNotificationCallback: load 00007ffb11460000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
16824564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
16834564.534: supR3HardenedDllNotificationCallback: load 00007ffafd380000 LB 0x00120000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
16844564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
16854564.534: supR3HardenedDllNotificationCallback: load 00007ffb20520000 LB 0x00049000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
16864564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
16874564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
16884564.534: supR3HardenedDllNotificationCallback: load 00007ffb23560000 LB 0x00322000 C:\Windows\System32\combase.dll [fFlags=0x0]
16894564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
16904564.534: supR3HardenedDllNotificationCallback: load 00007ffb23cf0000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
16914564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16924564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
16934564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
16944564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
16954564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
16964564.534: supR3HardenedDllNotificationCallback: load 00007ffb233d0000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
16974564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16984564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
16994564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
17004564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
17014564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
17024564.534: supR3HardenedDllNotificationCallback: load 00007ffb20240000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
17034564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
17044564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
17054564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
17064564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
17074564.534: supR3HardenedDllNotificationCallback: load 00007ffb201d0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
17084564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
17094564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
17104564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
17114564.534: supR3HardenedDllNotificationCallback: load 00007ffb201c0000 LB 0x0000a000 C:\Windows\System32\FLTLIB.DLL [fFlags=0x0]
17124564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
17134564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
17144564.534: supR3HardenedDllNotificationCallback: load 00007ffb20890000 LB 0x0070d000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
17154564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17164564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
17174564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
17184564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
17194564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
17204564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
17214564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
17224564.534: supR3HardenedDllNotificationCallback: load 00007ffb21770000 LB 0x01440000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
17234564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
17244564.534: supR3HardenedDllNotificationCallback: load 00007ffb23a10000 LB 0x00151000 C:\Windows\System32\ole32.dll [fFlags=0x0]
17254564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
17264564.534: supR3HardenedDllNotificationCallback: load 00007ffb173b0000 LB 0x0001a000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
17274564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
17284564.534: supR3HardenedDllNotificationCallback: load 0000000074940000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17294564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17304564.534: supR3HardenedDllNotificationCallback: load 00007ffad9900000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17314564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17324564.534: supR3HardenedDllNotificationCallback: load 00000000741a0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
17334564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
17344564.534: supR3HardenedDllNotificationCallback: load 00007ffb23490000 LB 0x000c2000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
17354564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
17364564.534: supR3HardenedDllNotificationCallback: load 00007ffad9f00000 LB 0x00592000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
17374564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
17384564.534: supR3HardenedDllNotificationCallback: load 0000000075c10000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
17394564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17404564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d520000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
17414564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
17424564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db20000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
17434564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
17444564.534: supR3HardenedDllNotificationCallback: load 00007ffad4ec0000 LB 0x01f0f000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
17454564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
17464564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
17474564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
17484564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
17494564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
17504564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
17514564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
17524564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
17534564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
17544564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
17554564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
17564564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
17574564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
17584564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
17594564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
17604564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
17614564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
17624564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
17634564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
17644564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
17654564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
17664564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
17674564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
17684564.534: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
17694564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
17704564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
17714564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
17724564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
17734564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
17744564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
17754564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
17764564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
17774564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
17784564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17794564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
17804564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
17814564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
17824564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
17834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
17844564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
17854564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
17864564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
17874564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
17884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
17894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
17904564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
17914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
17924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
17934564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
17944564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
17954564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
17964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17984564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18034564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18054564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18064564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18084564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18094564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18104564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18114564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18124564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18134564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18144564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18154564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
18194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
18204564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
18214564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
18224564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
18234564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18264564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18294564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18304564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18314564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18324564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18344564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18354564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18364564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18384564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18394564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
18404564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
18414564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
18424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
18434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
18444564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
18454564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
18464564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
18474564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18484564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
18494564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
18504564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18514564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-string-l1-1-0'
18524564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
18534564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18544564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-datetime-l1-1-1'
18554564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
18564564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
18574564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-2-0'
18584564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18594564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
18604564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
18614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
18624564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
18634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
18644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
18654564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
18664564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
18674564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
18684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18704564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
18714564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
18724564.534: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
18734564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
18744564.534: supR3HardenedDllNotificationCallback: load 00007ffb233a0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
18754564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
18764564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\system32\IMM32.DLL'
18774564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
18784564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
18794564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18804564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
18814564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\System32\ADVAPI32.DLL'
18824564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4ec0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
18834564.534: SUPR3HardenedMain: Calling TrustedMain (00007ffad4ec16c0)...
18844564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
18854564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18864564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
18874564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18884564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18894564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18904564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18914564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18924564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
18934564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18944564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18954564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18964564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
18974564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18984564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19024564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19034564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19054564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19064564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19084564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19094564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19104564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19114564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
19124564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19134564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19144564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
19154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19174564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
19184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19204564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
19214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19224564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19234564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
19244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19254564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19264564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
19274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19294564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
19304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19314564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19324564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
19334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19354564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19384564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
19394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19404564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19414564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
19424564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19434564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19444564.534: supR3HardenedDllNotificationCallback: load 00007ffaebee0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
19454564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebee0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
19474564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19484564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
19494564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
19504564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
19514564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19524564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19534564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
19544564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19554564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19564564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
19574564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
19584564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
19594564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19604564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19614564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19624564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19664564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
19674564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19684564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ea90000 LB 0x00098000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
19694564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
19704564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
19714564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\user32.dll'
19724564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
19734564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
19754564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
19764564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
19774564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
19784564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
19794564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
19804564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\SHCore.dll'
19814564.534: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19824564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
19834564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19844564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
19854564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
19864564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
19874564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
19884564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
19894564.534: supR3HardenedDllNotificationCallback: load 00007ffb1eb60000 LB 0x00029000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
19904564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
19914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19954564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
19964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
19974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
19984564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
19994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20014564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
20024564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
20034564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
20044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20054564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20064564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll'
20074564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20084564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20094564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\system32\winmm.dll'
20104564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20114564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20124564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
20134564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
20144564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20154564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
20164564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20174564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20184564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23960000 'C:\Windows\system32\advapi32.dll'
20194564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
20204564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
20214564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
20224564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
20234564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
20244564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
20254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
20264564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
20274564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
20284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20294564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20304564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20314564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20324564.534: supR3HardenedDllNotificationCallback: load 00007ffb200a0000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0]
20334564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
20344564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb200a0000 'C:\Windows\system32\userenv.dll'
20354564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
20364564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
20374564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23da0000 'C:\Windows\System32\kernel32.dll'
20384564.534: supR3HardenedDllNotificationCallback: load 00007ffb214d0000 LB 0x000a0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
20394564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20404564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
20414564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
20424564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
20434564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20444564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20454564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
20464564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20474564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20484564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
20494564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
20504564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
20514564.160: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
20524564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
20534564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20544564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20554564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20564564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20574564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20584564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20594564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20604564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20614564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20624564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20634564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20644564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20654564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20664564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20674564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20684564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20694564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
20704564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20714564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20724564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20734564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20744564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
20754564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20764564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20774564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
20784564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20794564.160: supR3HardenedDllNotificationCallback: load 00007ffadf3a0000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20804564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
20814564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20824564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
20834564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20844564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20854564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20864564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
20874564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20884564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20894564.160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20904564.160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
20914564.160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20924564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20934564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20944564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20954564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20964564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20974564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20984564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20994564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21004564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21014564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21024564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
21034564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
21044564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
21054564.160: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
21064564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21074564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21084564.160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
21094564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21104564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21114564.160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21124564.160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21134564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21144564.160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21154564.160: supR3HardenedDllNotificationCallback: load 00007ffaebe00000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21164564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21174564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaebe00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21184564.160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21194564.160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
21204564.160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\oleaut32.dll'
21214564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\system32\gdi32.dll'
21224564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
21234564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
21244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
21254564.534: supR3HardenedDllNotificationCallback: load 00007ffb23b70000 LB 0x00173000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
21264564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21274564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
21284564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
21294564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
21304564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
21314564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
21324564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
21334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21354564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
21364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21384564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21414564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21424564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21444564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
21464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
21474564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
21484564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
21494564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
21504564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
21514564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
21524564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
21534564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
21544564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
21554564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21564564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21574564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
21584564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
21594564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
21604564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
21614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
21624564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
21634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
21644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
21654564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
21664564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
21674564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
21684564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
21694564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
21704564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
21714564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
21724564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
21734564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
21744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
21754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
21764564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
21774564.534: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
21784564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21794564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
21804564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
21814564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
21824564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21844564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
21854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
21864564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
21874564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
21884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21904564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
21914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
21924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
21934564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
21944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21964564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
21974564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
21984564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21994564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
22004564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
22014564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
22024564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22034564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22054564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
22064564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
22074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
22084564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
22094564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
22104564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
22114564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
22124564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22134564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
22154564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
22164564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
22174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
22184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
22194564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22204564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22224564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
22234564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22244564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22254564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22264564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22274564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ef20000 LB 0x000bb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
22284564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
22294564.534: supR3HardenedDllNotificationCallback: load 00007ffb1d210000 LB 0x0030b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
22304564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
22314564.534: supR3HardenedDllNotificationCallback: load 00007ffb1db50000 LB 0x0019c000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
22324564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
22334564.534: supR3HardenedDllNotificationCallback: load 00007ffb078b0000 LB 0x00058000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
22344564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
22354564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
22364564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
22374564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
22384564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23060000 'C:\Windows\System32\gdi32.dll'
22404564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb078b0000 'C:\Windows\system32\dataexchange.dll'
22414564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22424564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
22434564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
22444564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
22454564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
22464564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
22474564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22484564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
22494564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
22504564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
22514564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e570000 LB 0x00021000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
22524564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
22534564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e5f0000 LB 0x001b8000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
22544564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
22554564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22564564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22574564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22584564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22594564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
22604564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
22614564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
22624564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
22654564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
22664564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
22674564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22694564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
22704564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
22714564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
22724564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
22734564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
22754564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
22764564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
22774564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
22784564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
22794564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23cf0000 'C:\Windows\system32\Shcore.dll'
22804564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22814564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
22824564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
22834564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
22844564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
22854564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22864564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
22874564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
22884564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
22894564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
22904564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22914564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
22924564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
22934564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
22944564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
22954564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
22964564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
22974564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
22984564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
22994564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
23004564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
23014564.534: supR3HardenedDllNotificationCallback: load 00007ffb1f250000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
23024564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
23034564.534: supR3HardenedDllNotificationCallback: load 00007ffb1e0f0000 LB 0x000da000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
23044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
23054564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c100000 LB 0x0014d000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
23064564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
23074564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c250000 LB 0x0031e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
23084564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
23094564.534: supR3HardenedDllNotificationCallback: load 00007ffb1b060000 LB 0x00096000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
23104564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
23114564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
23124564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
23134564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
23144564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
23174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
23184564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
23194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23204564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23224564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23234564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
23244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
23254564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
23264564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23284564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23294564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
23324564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
23334564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
23344564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
23354564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
23364564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
23374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23384564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23404564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23414564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
23424564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23434564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23444564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
23454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23474564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
23484564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23494564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23504564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
23514564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23524564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23534564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
23544564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.DLL'
23554564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
23564564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23574564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
23584564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
23594564.534: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23604564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
23614564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
23624564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23560000 'api-ms-win-core-com-l1-1-0.dll'
23644564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
23654564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23664564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\MSCTF.dll'
23674564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
23684564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23694564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
23704564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
23714564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
23724564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23734564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\system32\dwmapi.dll'
23744564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
23754564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
23764564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ea90000 'C:\Windows\system32\uxtheme.dll'
23774564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
23784564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
23794564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1eb60000 'C:\Windows\SYSTEM32\dwmapi.dll'
23804564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a58 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
23814564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
23824564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
23834564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6868B70823C29BB44065B2BB121FA81DF77F96EB
23844564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
23854564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
23864564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
23874564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23884564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23894564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
23904564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shlwapi.dll'.
23914564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
23924564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'comctl32.dll'.
23934564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'shell32.dll'.
23944564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
23954564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
23964564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
23974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23984564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
23994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
24004564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
24014564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
24024564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
24034564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24044564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24054564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
24064564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
24074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24084564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24094564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24104564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24114564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
24124564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24134564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24144564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24204564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24224564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\comdlg32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24234564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
24244564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24254564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24264564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll)
24274564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll
24284564.534: supR3HardenedDllNotificationCallback: load 00007ffaf02b0000 LB 0x000a7000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\COMCTL32.dll [fFlags=0x0]
24294564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll [avoiding WinVerifyTrust]
24304564.534: supR3HardenedDllNotificationCallback: load 00007ffb231c0000 LB 0x000ed000 C:\Windows\System32\comdlg32.dll [fFlags=0x0]
24314564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
24324564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll'.
24334564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.472_none_f9558ad13092c43c\comctl32.dll' [rescheduled]
24344564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
24354564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24384564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24414564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24424564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb233a0000 'C:\Windows\System32\imm32.dll'
24434564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb231c0000 'C:\Windows\System32\comdlg32.dll'
24444564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
24454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
24464564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24474564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
24484564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
24494564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
24504564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
24514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24534564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24544564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24554564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24564564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24574564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24584564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
24594564.534: supR3HardenedDllNotificationCallback: load 00007ffb1ca00000 LB 0x001b4000 C:\Windows\system32\propsys.dll [fFlags=0x0]
24604564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
24614564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ca00000 'C:\Windows\system32\propsys.dll'
24624564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
24634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
24644564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
24654564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
24664564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24674564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\windows.storage.dll'
24684564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
24694564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
24704564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\system32\Windows.Storage.dll'
24714564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
24724564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
24734564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24744564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
24754564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
24764564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll) WinVerifyTrust
24774564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24784564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24794564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24814564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24824564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24844564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24854564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24864564.534: supR3HardenedDllNotificationCallback: load 00007ffb0e840000 LB 0x00269000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll [fFlags=0x0]
24874564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24884564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
24894564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24904564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24914564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
24924564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24934564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24944564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
24954564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24964564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
24974564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
24984564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
24994564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25004564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25014564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
25024564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25034564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25044564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
25054564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25064564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25084564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25094564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25104564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\shell32.dll'
25114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25124564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25134564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
25144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
25154564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25164564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25174564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
25184564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll) WinVerifyTrust
25194564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
25204564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25214564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25224564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25234564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25244564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25264564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25274564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
25284564.534: supR3HardenedDllNotificationCallback: load 00007ffaee570000 LB 0x000a5000 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll [fFlags=0x0]
25294564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
25304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee570000 'C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll'
25314564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25324564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
25334564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25344564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
25354564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'oleaut32.dll'.
25364564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\edputil.dll)
25374564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\edputil.dll
25384564.534: supR3HardenedDllNotificationCallback: load 00007ffafecc0000 LB 0x00044000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0]
25394564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
25404564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b58 pwszName=\Device\HarddiskVolume3\Windows\System32\edputil.dll
25414564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
25424564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
25434564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A98AB64534C9A66B8A26B14B7D32ACFB4404796
25444564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25494564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25504564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
25514564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
25524564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
25534564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
25544564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\edputil.dll'
25554564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25564564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\edputil.dll'
25574564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
25584564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
25594564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
25604564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8481834FF5C50511102DBD4C26061CFFE0C0211
25614564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
25624564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
25634564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll'
25644564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25654564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25664564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
25674564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
25684564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
25694564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'advapi32.dll'.
25704564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'imm32.dll'.
25714564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
25724564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'gdi32.dll'.
25734564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll) WinVerifyTrust
25744564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
25754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25764564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25774564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25784564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25794564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
25804564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
25814564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
25824564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25834564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25844564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25864564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
25874564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
25884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
25894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
25904564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
25914564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
25924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25944564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\explorerframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
25954564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
25964564.534: supR3HardenedDllNotificationCallback: load 00007ffaf7100000 LB 0x00495000 C:\Windows\system32\explorerframe.dll [fFlags=0x0]
25974564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ExplorerFrame.dll
25984564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf7100000 'C:\Windows\system32\explorerframe.dll'
25994564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll
26004564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
26014564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
26024564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
26034564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26044564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
26054564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
26064564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dui70.dll)
26074564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dui70.dll
26084564.534: supR3HardenedDllNotificationCallback: load 00007ffaec700000 LB 0x001ab000 C:\Windows\system32\DUI70.dll [fFlags=0x0]
26094564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dui70.dll [avoiding WinVerifyTrust]
26104564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dui70.dll
26114564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
26124564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
26134564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1510BF236857F46A8A0CA102946C0B1690491DC1
26144564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26154564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26164564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26174564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26204564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
26214564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
26224564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
26234564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1794_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dui70.dll'
26244564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26254564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dui70.dll'
26264564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
26274564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
26284564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26294564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
26304564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
26314564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\duser.dll)
26324564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\duser.dll
26334564.534: supR3HardenedDllNotificationCallback: load 00007ffaef7a0000 LB 0x00093000 C:\Windows\system32\DUser.dll [fFlags=0x0]
26344564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [avoiding WinVerifyTrust]
26354564.534: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\duser.dll'.
26364564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\duser.dll' [rescheduled]
26374564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
26384564.534: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
26394564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
26404564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
26414564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26444564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26474564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26484564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
26494564.534: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
26504564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
26514564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll'
26524564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\duser.dll [redoing WinVerifyTrust]
26534564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume3\Windows\System32\duser.dll
26544564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
26554564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
26564564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE06C65A782886576C09832F69649332E5F519E
26574564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
26584564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
26594564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\duser.dll'
26604564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26614564.534: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\duser.dll'
26624564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DUser.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
26634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef7a0000 'C:\Windows\system32\DUser.dll'
26644564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\System32\user32.dll'
26654564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26664564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26674564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll)
26684564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
26694564.534: supR3HardenedDllNotificationCallback: load 00007ffb1c740000 LB 0x001ae000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
26704564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
26714564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26724564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26734564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26754564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
26764564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
26774564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll'
26784564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
26794564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
26804564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26814564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'.
26824564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
26834564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust
26844564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26854564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26864564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26874564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
26884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
26894564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
26904564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26924564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
26934564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26944564.534: supR3HardenedDllNotificationCallback: load 00007ffaff880000 LB 0x0005c000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
26954564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
26964564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaff880000 'C:\Windows\System32\thumbcache.dll'
26974564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume3\Windows\System32\msftedit.dll
26984564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
26994564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
27004564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=267BC169582C0D29EB8471C1650D1AC3042E0E15
27014564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27024564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27034564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msftedit.dll'
27044564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27054564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
27064564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msftedit.dll) WinVerifyTrust
27074564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msftedit.dll
27084564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27094564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27104564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MsftEdit.dll (Input=MsftEdit.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
27114564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll
27124564.534: supR3HardenedDllNotificationCallback: load 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [fFlags=0x0]
27134564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msftedit.dll
27144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb133d0000 'C:\Windows\System32\MsftEdit.dll'
27154564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb8 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
27164564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
27174564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
27184564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D87514FCF2BE2B92F22EEFA7D80B8E73FED8375B
27194564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27204564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27214564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1302_for_KB4467702~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll'
27224564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27234564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
27244564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'oleaut32.dll'.
27254564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'rpcrt4.dll'.
27264564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
27274564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'bcp47langs.dll'.
27284564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'bcp47mrm.dll'.
27294564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll) WinVerifyTrust
27304564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
27314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47mrm.dll'...
27324564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47mrm.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47mrm.dll' [rcNtRedir=0xc0150008]
27334564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27344564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27354564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
27364564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll) WinVerifyTrust
27374564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
27384564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'...
27394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008]
27404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27414564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27424564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
27434564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27444564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27454564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
27464564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll) WinVerifyTrust
27474564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
27484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
27494564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
27504564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
27514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27534564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27544564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27554564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27564564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27574564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
27584564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27594564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27604564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
27614564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27624564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27634564.534: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
27644564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.Globalization.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
27654564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
27664564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
27674564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
27684564.534: supR3HardenedDllNotificationCallback: load 00007ffb13380000 LB 0x00050000 C:\Windows\System32\Bcp47Langs.dll [fFlags=0x0]
27694564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
27704564.534: supR3HardenedDllNotificationCallback: load 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [fFlags=0x0]
27714564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47mrm.dll
27724564.534: supR3HardenedDllNotificationCallback: load 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [fFlags=0x0]
27734564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Globalization.dll
27744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11000000 'C:\Windows\System32\Windows.Globalization.dll'
27754564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
27764564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
27774564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'bcp47langs.dll'.
27784564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
27794564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\globinputhost.dll)
27804564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\globinputhost.dll
27814564.534: supR3HardenedDllNotificationCallback: load 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [fFlags=0x0]
27824564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\globinputhost.dll [avoiding WinVerifyTrust]
27834564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d0c pwszName=\Device\HarddiskVolume3\Windows\System32\globinputhost.dll
27844564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
27854564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
27864564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1534582E3472A41541A3E597BA88F75001380C
27874564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27884564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27894564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcp47langs.dll'...
27904564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcp47langs.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcp47langs.dll' [rcNtRedir=0xc0150008]
27914564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\BCP47Langs.dll
27924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
27954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
27964564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
27974564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
27984564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
27994564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package001021~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\globinputhost.dll'
28004564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28014564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\globinputhost.dll'
28024564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
28034564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
28044564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll'
28054564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
28064564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll'
28084564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
28094564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28104564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\system32\msctf.dll'
28114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
28124564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
28134564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
28144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
28154564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28164564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\xmllite.dll) WinVerifyTrust
28174564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\xmllite.dll
28184564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28194564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28204564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
28214564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
28224564.534: supR3HardenedDllNotificationCallback: load 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [fFlags=0x0]
28234564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
28244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll'
28254564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
28264564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
28274564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
28284564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
28294564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
28304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
28314564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
28324564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
28334564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28344564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
28354564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28364564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'shcore.dll'.
28374564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll) WinVerifyTrust
28384564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
28394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
28404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
28414564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
28424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28444564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28484564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\StructuredQuery.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28494564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
28504564.534: supR3HardenedDllNotificationCallback: load 00007ffb18550000 LB 0x000ab000 C:\Windows\System32\StructuredQuery.dll [fFlags=0x0]
28514564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\StructuredQuery.dll
28524564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18550000 'C:\Windows\System32\StructuredQuery.dll'
28534564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume3\Windows\System32\atlthunk.dll
28544564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
28554564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
28564564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B5BAE9325DA4A6F17F099C18E3EF6C1C488D21B
28574564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
28584564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
28594564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\atlthunk.dll'
28604564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\atlthunk.dll) WinVerifyTrust
28624564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
28634564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\atlthunk.dll (Input=atlthunk.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
28644564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
28654564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
28664564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
28674564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28684564.47b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
28694564.47b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll) WinVerifyTrust
28704564.47b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
28714564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28724564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28734564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28744564.47b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28754564.47b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\\Windows.StateRepositoryPS.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28764564.534: supR3HardenedDllNotificationCallback: load 00007ffaffb90000 LB 0x0000c000 C:\Windows\System32\atlthunk.dll [fFlags=0x0]
28774564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\atlthunk.dll
28784564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaffb90000 'C:\Windows\System32\atlthunk.dll'
28794564.47b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
28804564.47b4: supR3HardenedDllNotificationCallback: load 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [fFlags=0x0]
28814564.47b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.StateRepositoryPS.dll
28824564.47b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb15a80000 'C:\Windows\System32\\Windows.StateRepositoryPS.dll'
28834564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
28844564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
28854564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
28864564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F794961C62AEEEDBE3C6D284B2BED25756D6E295
28874564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
28884564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
28894564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
28904564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll'
28914564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28924564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28934564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
28944564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'windows.storage.dll'.
28954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'windows.storage.dll'...
28964564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll) WinVerifyTrust
28974564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
28984564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Windows.Storage.Search.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
28994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'windows.storage.dll' -> '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rcNtRedir=0xc0150008]
29004564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
29014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
29024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
29034564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
29044564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29054564.21ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
29064564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29074564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29084564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\xmllite.dll
29094564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\xmllite.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29104564.21ac: supR3HardenedDllNotificationCallback: load 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [fFlags=0x0]
29114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17360000 'C:\Windows\system32\xmllite.dll'
29124564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.Storage.Search.dll
29134564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf47e0000 'C:\Windows\system32\Windows.Storage.Search.dll'
29144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
29154564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29164564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'fltlib.dll'.
29174564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cldapi.dll)
29184564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cldapi.dll
29194564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb11440000 LB 0x0001d000 C:\Windows\SYSTEM32\CLDAPI.dll [fFlags=0x0]
29204564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cldapi.dll [avoiding WinVerifyTrust]
29214564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume3\Windows\System32\cldapi.dll
29224564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
29234564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
29244564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0FEA052919BDD1B162D19DBCEBB2A3111F687E2C
29254564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
29264564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
29274564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [lacks WinVerifyTrust]
29284564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
29294564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
29304564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cldapi.dll'
29314564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29324564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cldapi.dll'
29334564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
29344564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29354564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c740000 'C:\Windows\system32\windowscodecs.dll'
29364564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29374564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb232b0000 LB 0x00074000 C:\Windows\System32\coml2.dll [fFlags=0x0]
29384564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume3\Windows\System32\drprov.dll
29394564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
29404564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
29414564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CF9537AAD625E2E0D00B2260973DB1E67689249
29424564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
29434564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
29444564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29454564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
29474564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcryptprimitives.dll'.
29484564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\coml2.dll)
29494564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\coml2.dll
29504564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
29514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
29524564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
29534564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
29544564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\drprov.dll'
29554564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29564564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29574564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
29584564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29594564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winsta.dll'.
29604564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\drprov.dll) WinVerifyTrust
29614564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\drprov.dll
29624564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winsta.dll'...
29634564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29644564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
29654564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20890000 'C:\Windows\System32\windows.storage.dll'
29664564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winsta.dll' -> '\Device\HarddiskVolume3\Windows\System32\winsta.dll' [rcNtRedir=0xc0150008]
29674564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29684564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\linkinfo.dll)
29694564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\linkinfo.dll
29704564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb17160000 LB 0x0000d000 C:\Windows\SYSTEM32\LINKINFO.dll [fFlags=0x0]
29714564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\linkinfo.dll [avoiding WinVerifyTrust]
29724564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29734564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29744564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
29754564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
29764564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
29774564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\coml2.dll'
29784564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dec pwszName=\Device\HarddiskVolume3\Windows\System32\linkinfo.dll
29794564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
29804564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
29814564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79BC3FF6528CDFB9282EE87911AC3B0562B5DA4C
29824564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
29834564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
29844564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29854564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winsta.dll) WinVerifyTrust
29864564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winsta.dll
29874564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29884564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29894564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
29904564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
29914564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll
29924564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f2c0000 LB 0x00056000 C:\Windows\System32\WINSTA.dll [fFlags=0x0]
29934564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winsta.dll
29944564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17c20000 LB 0x0000b000 C:\Windows\System32\drprov.dll [fFlags=0x0]
29954564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
29964564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\linkinfo.dll'
29974564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll'
29984564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29994564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\linkinfo.dll'
30004564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec4 pwszName=\Device\HarddiskVolume3\Windows\System32\ntlanman.dll
30014564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
30024564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
30034564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
30044564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD38B72E1A4E988BECE59A064EBFC4B1261047F1
30054564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30064564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30074564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0016~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntlanman.dll'
30084564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30094564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30104564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntlanman.dll) WinVerifyTrust
30114564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
30124564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30134564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30144564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30154564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
30164564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8a70000 LB 0x00016000 C:\Windows\System32\ntlanman.dll [fFlags=0x0]
30174564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
30184564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll'
30194564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ebc pwszName=\Device\HarddiskVolume3\Windows\System32\davclnt.dll
30204564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
30214564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
30224564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=88420B1CF9DBB8B243714E5420E52E40098E7221
30234564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30244564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30254564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davclnt.dll'
30264564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30274564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30284564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'davhlpr.dll'.
30294564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davclnt.dll) WinVerifyTrust
30304564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davclnt.dll
30314564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'davhlpr.dll'...
30324564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'davhlpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\davhlpr.dll' [rcNtRedir=0xc0150008]
30334564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume3\Windows\System32\davhlpr.dll
30344564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
30354564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
30364564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A1E52EC251FF08444227F7EF4901D327D1E05C9
30374564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30384564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30394564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\davhlpr.dll'
30404564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30414564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30424564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\davhlpr.dll) WinVerifyTrust
30434564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
30444564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30454564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30464564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30474564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30484564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30494564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
30504564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
30514564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17820000 LB 0x0000c000 C:\Windows\System32\DAVHLPR.dll [fFlags=0x0]
30524564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davhlpr.dll
30534564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf8570000 LB 0x0001d000 C:\Windows\System32\davclnt.dll [fFlags=0x0]
30544564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
30554564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll'
30564564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\drprov.dll
30574564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drprov.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30584564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17c20000 'C:\Windows\System32\drprov.dll'
30594564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
30604564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30614564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30624564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30634564.2e34: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'
30644564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
30654564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
30664564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntlanman.dll
30674564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntlanman.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
30684564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8a70000 'C:\Windows\System32\ntlanman.dll'
30694564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bcrypt.dll'.
30704564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30714564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wkscli.dll)
30724564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wkscli.dll
30734564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb17d70000 LB 0x00017000 C:\Windows\System32\wkscli.dll [fFlags=0x0]
30744564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wkscli.dll [avoiding WinVerifyTrust]
30754564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30764564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30774564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
30784564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
30794564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
30804564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30814564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30824564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wkscli.dll'
30834564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000edc pwszName=\Device\HarddiskVolume3\Windows\System32\cscapi.dll
30844564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
30854564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
30864564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DB1D8118927E8E6291E31AA26ECDAD1B680670B
30874564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
30884564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
30894564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cscapi.dll'
30904564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30914564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30924564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cscapi.dll) WinVerifyTrust
30934564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cscapi.dll
30944564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30954564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30964564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
30974564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
30984564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb076f0000 LB 0x00012000 C:\Windows\System32\cscapi.dll [fFlags=0x0]
30994564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
31004564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll'
31014564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netutils.dll)
31024564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netutils.dll
31034564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
31044564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1f8a0000 LB 0x0000e000 C:\Windows\System32\netutils.dll [fFlags=0x0]
31054564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
31064564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
31074564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
31084564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31094564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
31104564.2ef0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'combase.dll'.
31114564.2ef0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll) WinVerifyTrust
31124564.2ef0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
31134564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31144564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31154564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31164564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31174564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31184564.2ef0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31194564.2ef0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OneCoreUAPCommonProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31204564.2ef0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
31214564.2ef0: supR3HardenedDllNotificationCallback: load 00007ffb1b5d0000 LB 0x0069b000 C:\Windows\System32\OneCoreUAPCommonProxyStub.dll [fFlags=0x0]
31224564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\OneCoreUAPCommonProxyStub.dll
31234564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1b5d0000 'C:\Windows\System32\OneCoreUAPCommonProxyStub.dll'
31244564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\netutils.dll'
31254564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\davclnt.dll
31264564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\davclnt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
31274564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8570000 'C:\Windows\System32\davclnt.dll'
31284564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31294564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31304564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume3\Windows\System32\twinapi.dll
31314564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
31324564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
31334564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E551B01F33916D559CF2E2ACE2E65C9DBD107C6
31344564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
31354564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
31364564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31374564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31384564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\twinapi.dll'
31394564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31404564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31414564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
31424564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
31434564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
31444564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'textinputframework.dll'.
31454564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.dll) WinVerifyTrust
31464564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.dll
31474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
31484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume3\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
31494564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
31504564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31514564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
31534564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
31544564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
31554564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
31564564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
31574564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31584564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31594564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\twinapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31604564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll
31614564.534: supR3HardenedDllNotificationCallback: load 00007ffb01e90000 LB 0x0009b000 C:\Windows\System32\twinapi.dll [fFlags=0x0]
31624564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.dll
31634564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb01e90000 'C:\Windows\System32\twinapi.dll'
31644564.2ef0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31654564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31664564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31674564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
31684564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\shell32.dll (Input=shell32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
31694564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
31704564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
31714564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
31724564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1e470000 LB 0x0008b000 C:\Windows\SYSTEM32\apphelp.dll [fFlags=0x0]
31734564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
31744564.2e34: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'.
31754564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled]
31764564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
31774564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
31784564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\System32\ntdll.dll'
31794564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb4 pwszName=\Device\HarddiskVolume3\Windows\System32\dlnashext.dll
31804564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
31814564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
31824564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D786B11B93546459BB0959B74ABE557AA296AE50
31834564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
31844564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
31854564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-avcore-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dlnashext.dll'
31864564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31874564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31884564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'.
31894564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dlnashext.dll) WinVerifyTrust
31904564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
31914564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31924564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31934564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
31944564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31954564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31964564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dlnashext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
31974564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
31984564.534: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
31994564.534: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
32004564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
32014564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000fc8 (hFile=0000000000000ff4) with 0xc0000022 -> STATUS_TRUST_FAILURE
32024564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
32034564.534: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ff4 (hFile=0000000000000fc8) with 0xc0000022 -> STATUS_TRUST_FAILURE
32044564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf00f0000 LB 0x0004a000 C:\Windows\System32\dlnashext.dll [fFlags=0x0]
32054564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dlnashext.dll
32064564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf00f0000 'C:\Windows\System32\dlnashext.dll'
32074564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fec pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
32084564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
32094564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
32104564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19F6C79DBE47B428474B0A1A94D7A4925FA87FE8
32114564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
32124564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
32134564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1025_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
32144564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32154564.2e34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
32164564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001024 pwszName=\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
32174564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
32184564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
32194564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F63EA59A2FE63EFA3A4F1A8F43E961B943894F0A
32204564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
32214564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
32224564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
32234564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23b70000 'C:\Windows\System32\msctf.dll'
32254564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll'
32264564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32274564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32284564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
32294564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll) WinVerifyTrust
32304564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
32314564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32324564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32334564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32344564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32354564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32364564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PlayToDevice.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32374564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
32384564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
32394564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
32404564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
32414564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
32424564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001074 pwszName=\Device\HarddiskVolume3\Windows\System32\actxprxy.dll
32434564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
32444564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
32454564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369042ADB3C740797A470FD44D69B8D07FF6061
32464564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
32474564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
32484564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0018~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\actxprxy.dll'
32494564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32504564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32514564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
32524564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\actxprxy.dll) WinVerifyTrust
32534564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
32544564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32554564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32564564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32574564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32584564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ActXPrxy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
32594564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [fFlags=0x0]
32604564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PlayToDevice.dll
32614564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf56d0000 'C:\Windows\System32\PlayToDevice.dll'
32624564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
32634564.534: supR3HardenedDllNotificationCallback: load 00007ffafc190000 LB 0x00097000 C:\Windows\System32\ActXPrxy.dll [fFlags=0x0]
32644564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\actxprxy.dll
32654564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafc190000 'C:\Windows\System32\ActXPrxy.dll'
32664564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
32674564.3f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
32684564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
32694564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32704564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll) WinVerifyTrust
32714564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
32724564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32734564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32744564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DevDispItemProvider.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
32754564.4a64: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 df 3e 1c 38 f6 e1 a9 82 7f d7 91 40 e9 03 00 00)
32764564.4a64: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll)
32774564.4a64: Error (rc=0):
32784564.4a64: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'.
32794564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
32804564.4a64: Error (rc=0):
32814564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
32824564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
32834564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
32844564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf5480000 LB 0x0001e000 C:\Windows\System32\DevDispItemProvider.dll [fFlags=0x0]
32854564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DevDispItemProvider.dll
32864564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5480000 'C:\Windows\System32\DevDispItemProvider.dll'
32874564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
32884564.4a64: Error (rc=0):
32894564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
32904564.4a64: Error (rc=0):
32914564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
32924564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
32934564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
32944564.4a64: Error (rc=0):
32954564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
32964564.4a64: Error (rc=0):
32974564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
32984564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
32994564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
33004564.4a64: Error (rc=0):
33014564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
33024564.4a64: Error (rc=0):
33034564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
33044564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
33054564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
33064564.4a64: Error (rc=0):
33074564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
33084564.4a64: Error (rc=0):
33094564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
33104564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
33114564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
33124564.4a64: Error (rc=0):
33134564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
33144564.4a64: Error (rc=0):
33154564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
33164564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
33174564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
33184564.4a64: Error (rc=0):
33194564.4a64: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
33204564.4a64: Error (rc=0):
33214564.4a64: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
33224564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
33234564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011d8 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
33244564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
33254564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
33264564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9A51702A19F6C63BB83D147F8FD87592666F211D
33274564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
33284564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
33294564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
33304564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\comctl32.dll'
33314564.4a64: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll'
33324564.4a64: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33334564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33344564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33354564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
33364564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
33374564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
33384564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
33394564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
33404564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
33414564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
33424564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
33434564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll) WinVerifyTrust
33444564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
33454564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
33464564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
33474564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
33484564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
33494564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
33504564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
33514564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
33524564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'.
33534564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'.
33544564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
33554564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
33564564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
33574564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
33584564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
33594564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
33604564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
33614564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
33624564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
33634564.4200: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
33644564.4200: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
33654564.4200: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
33664564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33674564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33684564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33694564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33704564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
33714564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
33724564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
33734564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
33744564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33754564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
33764564.4a64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
33774564.4a64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
33784564.4a64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
33794564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
33804564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
33814564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll
33824564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
33834564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
33844564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
33854564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
33864564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
33874564.4a64: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
33884564.4200: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
33894564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
33904564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
33914564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
33924564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33934564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
33944564.4200: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
33954564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33964564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33974564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33984564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33994564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34004564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34014564.4200: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34024564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
34034564.4200: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34044564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
34054564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34064564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34074564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34084564.4a64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34094564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
34104564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34114564.4200: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
34124564.4200: supR3HardenedDllNotificationCallback: load 00007ffb1ffb0000 LB 0x00027000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
34134564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
34144564.4200: supR3HardenedDllNotificationCallback: load 00007ffb16440000 LB 0x00076000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
34154564.4200: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
34164564.4200: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDevApi.dll'
34174564.4a64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
34184564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
34194564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a8 pwszName=\Device\HarddiskVolume3\Windows\System32\wpdshext.dll
34204564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
34214564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
34224564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF411C4284357D09E896CD865422547CE8E1E425
34234564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
34244564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
34254564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wpdshext.dll'
34264564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34274564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34284564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
34294564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
34304564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
34314564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
34324564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdiplus.dll'.
34334564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wpdshext.dll) WinVerifyTrust
34344564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
34354564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
34364564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
34374564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000124c pwszName=\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
34384564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
34394564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
34404564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B29157056BC84628E10AAF028774225400A820FA
34414564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
34424564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
34434564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4471324~31bf3856ad364e35~amd64~~10.0.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll'
34444564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34454564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34464564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
34474564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
34484564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\GdiPlus.dll) WinVerifyTrust
34494564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\GdiPlus.dll
34504564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34514564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34524564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
34534564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
34544564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
34554564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34564564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34574564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34584564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34594564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34604564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34614564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34624564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34634564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34644564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34654564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
34664564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34674564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34684564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wpdshext.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
34694564.4a64: supR3HardenedDllNotificationCallback: load 00007ffb22bb0000 LB 0x0044b000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
34704564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
34714564.4a64: supR3HardenedDllNotificationCallback: load 00007ffafe680000 LB 0x00037000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
34724564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
34734564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll'
34744564.4a64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
34754564.4a64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
34764564.4a64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafe680000 'C:\Windows\System32\EhStorShell.dll'
34774564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
34784564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
34794564.21ac: Error (rc=0):
34804564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
34814564.21ac: Error (rc=0):
34824564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
34834564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34844564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
34854564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
34864564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
34874564.2e34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll)
34884564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll
34894564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
34904564.21ac: Error (rc=0):
34914564.21ac: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
34924564.21ac: Error (rc=0):
34934564.21ac: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
34944564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
34954564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012f4 pwszName=\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll
34964564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001153800
34974564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001153800
34984564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [fFlags=0x0]
34994564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll [avoiding WinVerifyTrust]
35004564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [fFlags=0x0]
35014564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wpdshext.dll
35024564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf66d0000 'C:\Windows\system32\wpdshext.dll'
35034564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
35044564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
35054564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35064564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35074564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35084564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35094564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
35104564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0e840000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.472_none_fb3f9af53068156d\Comctl32.dll'
35114564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001364 pwszName=\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
35124564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000a88a840
35134564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
35144564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7CC541089F78F23129583FF74E5C38F6B5E14C2
35154564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D766A36B546A5168A943DF2989F836F88CA44D2
35164564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
35174564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
35184564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
35194564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
35204564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-WPD-UltimatePortableDeviceFeature-Feature-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll'
35214564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35224564.21ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1813_for_KB4483234~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll'
35234564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35244564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
35254564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll) WinVerifyTrust
35264564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
35274564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35284564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35294564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35304564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35314564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\PortableDeviceApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
35324564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
35334564.21ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35344564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\GdiPlus.dll'
35354564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35364564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35374564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35384564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35394564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35404564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaf10b0000 LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [fFlags=0x0]
35414564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\PortableDeviceApi.dll
35424564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf10b0000 'C:\Windows\System32\PortableDeviceApi.dll'
35434564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35444564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35454564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
35464564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35474564.2a6c: Error (rc=0):
35484564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll
35494564.2a6c: Error (rc=0):
35504564.2a6c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll' (C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll): rcNt=0xc0000190
35514564.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll'
35524564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35534564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35544564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013bc pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
35554564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
35564564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
35574564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35584564.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35594564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C79A9C7FF4206A48DABB389F73838D462F3034B6
35604564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35614564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35624564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
35634564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35644564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35654564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35664564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35674564.2ef0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\Vishal\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
35684564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
35694564.2e34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll'
35704564.2e34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35714564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35724564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
35734564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
35744564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
35754564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
35764564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
35774564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'.
35784564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll) WinVerifyTrust
35794564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
35804564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
35814564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
35824564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
35834564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
35844564.2e34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35854564.2e34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wtsapi32.dll) WinVerifyTrust
35864564.2e34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
35874564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
35884564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
35894564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
35904564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
35914564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
35924564.2e34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
35934564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
35944564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
35954564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
35964564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
35974564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
35984564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
35994564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36004564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36014564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36024564.2e34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36034564.2e34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorAPI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
36044564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
36054564.2e34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
36064564.2e34: supR3HardenedDllNotificationCallback: load 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [fFlags=0x0]
36074564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wtsapi32.dll
36084564.2e34: supR3HardenedDllNotificationCallback: load 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [fFlags=0x0]
36094564.2e34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorAPI.dll
36104564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaef850000 'C:\Windows\System32\EhStorAPI.dll'
36114564.2e34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
36124564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36134564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
36144564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
36154564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
36164564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'sspicli.dll'.
36174564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
36184564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'propsys.dll'.
36194564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
36204564.21ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ntshrui.dll)
36214564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntshrui.dll
36224564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume3\Windows\System32\ntshrui.dll
36234564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
36244564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
36254564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31DC55F045F3A7865880C09562CB550FA861F0DD
36264564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36284564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
36294564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
36304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
36314564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
36324564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sspicli.dll)
36334564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
36344564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sspicli.dll
36354564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
36364564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sspicli.dll'...
36374564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'sspicli.dll' -> '\Device\HarddiskVolume3\Windows\System32\sspicli.dll' [rcNtRedir=0xc0150008]
36384564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [lacks WinVerifyTrust]
36394564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
36404564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
36414564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
36424564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
36434564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
36444564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
36454564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
36464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
36474564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb200d0000 LB 0x00030000 C:\Windows\SYSTEM32\SspiCli.dll [fFlags=0x0]
36484564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
36494564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
36504564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36514564.21ac: supR3HardenedDllNotificationCallback: load 00007ffafcef0000 LB 0x000da000 C:\Windows\SYSTEM32\ntshrui.dll [fFlags=0x0]
36524564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36534564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ntshrui.dll [avoiding WinVerifyTrust]
36544564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
36554564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
36564564.21ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
36574564.21ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\srvcli.dll)
36584564.21ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\srvcli.dll
36594564.21ac: supR3HardenedDllNotificationCallback: load 00007ffb0a090000 LB 0x00026000 C:\Windows\SYSTEM32\srvcli.dll [fFlags=0x0]
36604564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
36614564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
36624564.21ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
36634564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
36644564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntshrui.dll'
36654564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36664564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
36674564.534: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntshrui.dll'
36684564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
36694564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd0 pwszName=\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
36704564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
36714564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
36724564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\srvcli.dll'
36734564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
36744564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46012622E4C634E9BD2E2CD2F9AD4B70A49688AA
36754564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
36764564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
36774564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
36784564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll'
36794564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
36804564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
36814564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
36824564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ole32.dll'.
36834564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'shlwapi.dll'.
36844564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'shell32.dll'.
36854564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
36864564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
36874564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
36884564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\networkexplorer.dll) WinVerifyTrust
36894564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
36904564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36914564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36924564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
36934564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
36944564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
36954564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
36964564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
36974564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
36984564.21ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sspicli.dll'
36994564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
37004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
37014564.21ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cscapi.dll
37024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
37034564.21ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cscapi.dll (Input=cscapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37044564.21ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb076f0000 'C:\Windows\System32\cscapi.dll'
37054564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
37064564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
37074564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
37084564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
37094564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37104564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37114564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NetworkExplorer.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37124564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
37134564.534: supR3HardenedDllNotificationCallback: load 00007ffae8f70000 LB 0x00127000 C:\Windows\system32\NetworkExplorer.dll [fFlags=0x0]
37144564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\networkexplorer.dll
37154564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8f70000 'C:\Windows\system32\NetworkExplorer.dll'
37164564.3f28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37174564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37184564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37194564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37204564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37214564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37224564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37234564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb133d0000 LB 0x00339000 C:\Windows\System32\MsftEdit.dll [flags=0x0]
37244564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37254564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37264564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37274564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\System32\shell32.dll'
37284564.534: supR3HardenedDllNotificationCallback: Unload 00007ffb17360000 LB 0x00039000 C:\Windows\system32\xmllite.dll [flags=0x0]
37294564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaf66d0000 LB 0x001e1000 C:\Windows\system32\wpdshext.dll [flags=0x0]
37304564.2e34: supR3HardenedDllNotificationCallback: Unload 00007ffaff6d0000 LB 0x0019a000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.472_none_2c2a8dda8afa8f3b\gdiplus.dll [flags=0x0]
37314564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23a10000 'C:\Windows\System32\ole32.dll'
37324564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23490000 'C:\Windows\System32\OLEAUT32.dll'
37334564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
37344564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
37354564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
37364564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
37374564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
37384564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
37394564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
37404564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37414564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37424564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
37434564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
37444564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
37454564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
37464564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
37474564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
37484564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
37494564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
37504564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
37514564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
37524564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
37534564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
37544564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
37554564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
37564564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
37574564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37584564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37594564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
37604564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
37614564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
37624564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
37634564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
37644564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
37654564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
37664564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37674564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37684564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
37694564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
37704564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
37714564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
37724564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
37734564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
37744564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
37754564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
37764564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
37774564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
37784564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
37794564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
37804564.534: supR3HardenedDllNotificationCallback: load 00007ffb106c0000 LB 0x00083000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
37814564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
37824564.534: supR3HardenedDllNotificationCallback: load 00007ffb0c410000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
37834564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
37844564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
37854564.534: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
37864564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
37874564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0c410000 'C:\Windows\system32\wbem\wbemprox.dll'
37884564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
37894564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
37904564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
37914564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
37924564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
37934564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
37944564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
37954564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
37964564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
37974564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
37984564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
37994564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
38004564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38014564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38024564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38034564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38044564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
38054564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
38064564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ee90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
38074564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
38084564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ee90000 'C:\Windows\system32\wbem\wbemsvc.dll'
38094564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
38104564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
38114564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-l1-2-0.dll'
38124564.534: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
38134564.534: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
38144564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20570000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
38154564.534: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
38164564.534: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
38174564.534: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
38184564.534: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
38194564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38204564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
38214564.534: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
38224564.534: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38234564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38244564.534: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
38254564.534: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
38264564.534: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
38274564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
38284564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
38294564.534: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
38304564.534: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38314564.534: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38324564.534: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
38334564.534: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
38344564.534: supR3HardenedDllNotificationCallback: load 00007ffb0ecc0000 LB 0x000f2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
38354564.534: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
38364564.534: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0ecc0000 'C:\Windows\system32\wbem\fastprox.dll'
38374564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38384564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
38394564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
38404564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
38414564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
38424564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
38434564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
38444564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
38454564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
38464564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
38474564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38484564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
38494564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
38504564.4540: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
38514564.4540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
38524564.4540: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
38534564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
38544564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
38554564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38564564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38574564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
38584564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
38594564.4540: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
38604564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
38614564.4540: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
38624564.4540: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38634564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
38644564.4540: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
38654564.4540: supR3HardenedDllNotificationCallback: load 0000000075260000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
38664564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
38674564.4540: supR3HardenedDllNotificationCallback: load 00007ffaee110000 LB 0x00325000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
38684564.4540: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
38694564.4540: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaee110000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
38704564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38714564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38724564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
38734564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
38744564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
38754564.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
38764564.1b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
38774564.1b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
38784564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
38794564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
38804564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
38814564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
38824564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
38834564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
38844564.1b24: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
38854564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
38864564.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
38874564.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
38884564.1b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
38894564.1b24: supR3HardenedDllNotificationCallback: load 00007ffb1bfe0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
38904564.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
38914564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1bfe0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
38924564.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb215d0000 'C:\Windows\system32\User32.dll'
38934564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
38944564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
38954564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
38964564.2988: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
38974564.2988: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
38984564.2988: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
38994564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
39004564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
39014564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
39024564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
39034564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
39044564.2988: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
39054564.2988: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39064564.2988: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
39074564.2988: supR3HardenedDllNotificationCallback: load 00007ffb18630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
39084564.2988: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
39094564.2988: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb18630000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
39104564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21770000 'C:\Windows\system32\Shell32.dll'
39114564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf8 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
39124564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
39134564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
39144564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A7181E087C6ECA0DCCA8A166331DF79FF089117
39154564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39164564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
39174564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
39184564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39194564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vid.dll'.
39204564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
39214564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
39224564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
39234564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
39244564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
39254564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
39264564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
39274564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf4 pwszName=\Device\HarddiskVolume3\Windows\System32\vid.dll
39284564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
39294564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
39304564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F454C22DC5AFF4C1E546711FF3DA50D9DE5A940C
39314564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39324564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
39334564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HyperV-VID-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\vid.dll'
39344564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39354564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'devobj.dll'.
39364564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
39374564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
39384564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
39394564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
39404564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
39414564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39424564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
39434564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
39444564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb182b0000 LB 0x0000f000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0]
39454564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
39464564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb17a60000 LB 0x00018000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0]
39474564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
39484564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17a60000 'C:\Windows\system32\WinHvPlatform.dll'
39494564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
39504564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39514564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb182b0000 'C:\Windows\system32\vid.dll'
39524564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
39534564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
39544564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb23e90000 'C:\Windows\system32\NTDLL.DLL'
39554564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39564564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39574564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
39584564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
39594564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
39604564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
39614564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
39624564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
39634564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
39644564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
39654564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
39664564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
39674564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
39684564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
39694564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
39704564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
39714564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39724564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
39734564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
39744564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
39754564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
39764564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
39774564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
39784564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
39794564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
39804564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
39814564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
39824564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
39834564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
39844564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
39854564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
39864564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
39874564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
39884564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
39894564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
39904564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
39914564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
39924564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
39934564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
39944564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
39954564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
39964564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
39974564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
39984564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
39994564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40004564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40014564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
40024564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
40034564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
40044564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
40054564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
40064564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
40074564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40084564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40094564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
40104564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
40114564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
40124564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40134564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40144564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40154564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
40164564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
40174564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
40184564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
40194564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
40204564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
40214564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40224564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40234564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40244564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40254564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40264564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
40274564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
40284564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
40294564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
40304564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaedf40000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
40314564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
40324564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffaf5500000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
40334564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
40344564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1f7a0000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
40354564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
40364564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffada7a0000 LB 0x009d7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
40374564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
40384564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffada7a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
40394564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40404564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
40414564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40424564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf3a0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
40434564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40444564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
40454564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40464564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf5500000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
40474564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40484564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40494564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40504564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
40514564.2994: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
40524564.2994: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
40534564.2994: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
40544564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40554564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40564564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
40574564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
40584564.2994: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
40594564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40604564.2994: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40614564.2994: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40624564.2994: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
40634564.2994: supR3HardenedDllNotificationCallback: load 00007ffb10f70000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
40644564.2994: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
40654564.2994: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb10f70000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
40664564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40674564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40684564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
40694564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
40704564.49b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
40714564.49b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
40724564.49b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
40734564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40744564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40754564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
40764564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
40774564.49b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
40784564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
40794564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
40804564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40814564.49b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40824564.49b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
40834564.49b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
40844564.49b4: supR3HardenedDllNotificationCallback: load 00007ffb17be0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
40854564.49b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
40864564.49b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17be0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
40874564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
40884564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
40894564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
40904564.4af8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
40914564.4af8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
40924564.4af8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
40934564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
40944564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
40954564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
40964564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
40974564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
40984564.4af8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
40994564.4af8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41004564.4af8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
41014564.4af8: supR3HardenedDllNotificationCallback: load 00007ffb177f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
41024564.4af8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
41034564.4af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb177f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
41044564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
41054564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41064564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f7a0000 'C:\Windows\system32\Iphlpapi.dll'
41074564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
41084564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
41094564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
41104564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
41114564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb21320000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
41124564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
41134564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
41144564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d30000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
41154564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
41164564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
41174564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
41184564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
41194564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16d10000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
41204564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
41214564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
41224564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
41234564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
41244564.2c6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
41254564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
41264564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb16cf0000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
41274564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
41284564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001088 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
41294564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
41304564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
41314564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F7955EB983A0B99F7EADAA9D82F084658BFF7D9
41324564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
41334564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
41344564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
41354564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
41364564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
41374564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
41384564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
41394564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
41404564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
41414564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
41424564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
41434564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
41444564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
41454564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
41464564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
41474564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
41484564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
41494564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
41504564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41514564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
41524564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
41534564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
41544564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
41554564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D65F2124F64B53555EFB8BC0D52BFD144939BAA4
41564564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
41574564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
41584564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_998_for_KB4467682~31bf3856ad364e35~amd64~~10.0.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
41594564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41604564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
41614564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
41624564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
41634564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
41644564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
41654564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
41664564.2c6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
41674564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014a8 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
41684564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
41694564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
41704564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8
41714564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
41724564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
41734564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
41744564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41754564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41764564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
41774564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
41784564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
41794564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
41804564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
41814564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
41824564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41834564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41844564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
41854564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
41864564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14c00000 LB 0x0008f000 C:\Windows\System32\dsound.dll [fFlags=0x0]
41874564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
41884564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
41894564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
41904564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll'
41914564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\System32\dsound.dll'
41924564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
41934564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41944564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll'
41954564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
41964564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
41974564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb16440000 'C:\Windows\System32\MMDEVAPI.DLL'
41984564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
41994564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
42004564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
42014564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000014bc pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42024564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
42034564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
42044564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092
42054564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
42064564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
42074564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
42084564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
42094564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42104564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
42114564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
42124564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
42134564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
42144564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42154564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
42164564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
42174564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
42184564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
42194564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42204564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
42214564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
42224564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
42234564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
42244564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
42254564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
42264564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
42274564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42284564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
42294564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
42304564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
42314564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
42324564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
42334564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
42344564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
42354564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
42364564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
42374564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42384564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42394564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
42404564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
42414564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb19ea0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
42424564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
42434564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c730000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
42444564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
42454564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffafdde0000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
42464564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42474564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42484564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42494564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42504564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42514564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42524564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42534564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42544564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42554564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42564564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42574564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42584564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42594564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42604564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
42614564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
42624564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
42634564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
42644564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
42654564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
42664564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
42674564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
42684564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
42694564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
42704564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
42714564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
42724564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
42734564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
42744564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
42754564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
42764564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
42774564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
42784564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
42794564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
42804564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
42814564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
42824564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
42834564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
42844564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb14ec0000 LB 0x0012c000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
42854564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
42864564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14ec0000 'C:\Windows\System32\AUDIOSES.DLL'
42874564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42884564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42894564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42904564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
42914564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
42924564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42934564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42944564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42954564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42964564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafdde0000 'C:\Windows\System32\wdmaud.drv'
42974564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000013b0 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
42984564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
42994564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
43004564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F
43014564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
43024564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
43034564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
43044564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
43054564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43064564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
43074564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
43084564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
43094564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
43104564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43114564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
43124564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
43134564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
43144564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
43154564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
43164564.2c6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
43174564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
43184564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
43194564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
43204564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
43214564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43224564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
43234564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
43244564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
43254564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
43264564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
43274564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
43284564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
43294564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
43304564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
43314564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43324564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43334564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
43344564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb18760000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
43354564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
43364564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1cc10000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
43374564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43384564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43394564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43404564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43414564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43424564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43434564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43444564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43454564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43464564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43474564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43484564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43494564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43504564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43514564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43524564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43534564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43544564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
43554564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43564564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43574564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43584564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43594564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1cc10000 'C:\Windows\System32\msacm32.drv'
43604564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001520 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
43614564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000a88a840
43624564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000a88a840
43634564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
43644564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1f5d0000 'C:\Windows\system32\rsaenh.dll'
43654564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20310000 'C:\Windows\System32\crypt32.dll'
43664564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
43674564.2c6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
43684564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43694564.2c6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
43704564.2c6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
43714564.2c6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
43724564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
43734564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
43744564.2c6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
43754564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
43764564.2c6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
43774564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43784564.2c6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
43794564.2c6c: supR3HardenedDllNotificationCallback: load 00007ffb1c0f0000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
43804564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
43814564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
43824564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
43834564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43844564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
43854564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
43864564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43874564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
43884564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
43894564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
43904564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1c0f0000 'C:\Windows\System32\midimap.dll'
43914564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43924564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43934564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43944564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43954564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43964564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43974564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
43984564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
43994564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44004564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
44014564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
44024564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
44034564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
44044564.2c6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
44054564.2c6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
44064564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb14c00000 'C:\Windows\system32\dsound.dll'
44074564.2c6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1db20000 'C:\Windows\System32\winmm.dll'
44084564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb15a80000 LB 0x00131000 C:\Windows\System32\Windows.StateRepositoryPS.dll [flags=0x0]
44094564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb11000000 LB 0x00189000 C:\Windows\System32\Windows.Globalization.dll [flags=0x0]
44104564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb130c0000 LB 0x00029000 C:\Windows\System32\bcp47mrm.dll [flags=0x0]
44114564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1dd70000 LB 0x0002a000 C:\Windows\SYSTEM32\globinputhost.dll [flags=0x0]
44124564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb13380000 LB 0x00050000 C:\Windows\System32\Bcp47Langs.dll [flags=0x0]
44134564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf10b0000 LB 0x0009c000 C:\Windows\System32\PortableDeviceApi.dll [flags=0x0]
44144564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf47e0000 LB 0x000bd000 C:\Windows\system32\Windows.Storage.Search.dll [flags=0x0]
44154564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaef850000 LB 0x00025000 C:\Windows\System32\EhStorAPI.dll [flags=0x0]
44164564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffb1cbf0000 LB 0x00013000 C:\Windows\System32\WTSAPI32.dll [flags=0x0]
44174564.2ef0: supR3HardenedDllNotificationCallback: Unload 00007ffaf56d0000 LB 0x00063000 C:\Windows\System32\PlayToDevice.dll [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy