VirtualBox

Ticket #11004: Hardening.log

File Hardening.log, 492.7 KB (added by JN, 4 years ago)
Line 
13b0c.3b68: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047bb00
23b0c.3b68: \SystemRoot\System32\ntdll.dll:
33b0c.3b68: CreationTime: 2020-05-17T22:11:24.509525300Z
43b0c.3b68: LastWriteTime: 2020-05-17T22:11:24.545692200Z
53b0c.3b68: ChangeTime: 2020-06-28T23:59:28.350729100Z
63b0c.3b68: FileAttributes: 0x20
73b0c.3b68: Size: 0x1e8460
83b0c.3b68: NT Headers: 0xd8
93b0c.3b68: Timestamp: 0xb29ecf52
103b0c.3b68: Machine: 0x8664 - amd64
113b0c.3b68: Timestamp: 0xb29ecf52
123b0c.3b68: Image Version: 10.0
133b0c.3b68: SizeOfImage: 0x1f0000 (2031616)
143b0c.3b68: Resource Dir: 0x17f000 LB 0x6f310
153b0c.3b68: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163b0c.3b68: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173b0c.3b68: ProductName: Microsoft® Windows® Operating System
183b0c.3b68: ProductVersion: 10.0.18362.815
193b0c.3b68: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
203b0c.3b68: FileDescription: NT Layer DLL
213b0c.3b68: \SystemRoot\System32\kernel32.dll:
223b0c.3b68: CreationTime: 2020-06-28T23:58:48.597410000Z
233b0c.3b68: LastWriteTime: 2020-06-28T23:58:48.628658800Z
243b0c.3b68: ChangeTime: 2020-06-29T00:02:09.042659400Z
253b0c.3b68: FileAttributes: 0x20
263b0c.3b68: Size: 0xb0498
273b0c.3b68: NT Headers: 0xe8
283b0c.3b68: Timestamp: 0xce6bbd73
293b0c.3b68: Machine: 0x8664 - amd64
303b0c.3b68: Timestamp: 0xce6bbd73
313b0c.3b68: Image Version: 10.0
323b0c.3b68: SizeOfImage: 0xb2000 (729088)
333b0c.3b68: Resource Dir: 0xb0000 LB 0x520
343b0c.3b68: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353b0c.3b68: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363b0c.3b68: ProductName: Microsoft® Windows® Operating System
373b0c.3b68: ProductVersion: 10.0.18362.900
383b0c.3b68: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
393b0c.3b68: FileDescription: Windows NT BASE API Client DLL
403b0c.3b68: \SystemRoot\System32\KernelBase.dll:
413b0c.3b68: CreationTime: 2020-05-17T22:11:25.000591700Z
423b0c.3b68: LastWriteTime: 2020-05-17T22:11:25.073497400Z
433b0c.3b68: ChangeTime: 2020-06-28T23:59:28.366354800Z
443b0c.3b68: FileAttributes: 0x20
453b0c.3b68: Size: 0x2a4068
463b0c.3b68: NT Headers: 0xf8
473b0c.3b68: Timestamp: 0xb89efff3
483b0c.3b68: Machine: 0x8664 - amd64
493b0c.3b68: Timestamp: 0xb89efff3
503b0c.3b68: Image Version: 10.0
513b0c.3b68: SizeOfImage: 0x2a4000 (2768896)
523b0c.3b68: Resource Dir: 0x27e000 LB 0x548
533b0c.3b68: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543b0c.3b68: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553b0c.3b68: ProductName: Microsoft® Windows® Operating System
563b0c.3b68: ProductVersion: 10.0.18362.815
573b0c.3b68: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
583b0c.3b68: FileDescription: Windows NT BASE API Client DLL
593b0c.3b68: \SystemRoot\System32\apisetschema.dll:
603b0c.3b68: CreationTime: 2019-03-19T04:43:54.837151500Z
613b0c.3b68: LastWriteTime: 2019-03-19T04:43:54.837151500Z
623b0c.3b68: ChangeTime: 2020-06-28T23:59:28.178854600Z
633b0c.3b68: FileAttributes: 0x20
643b0c.3b68: Size: 0x1d028
653b0c.3b68: NT Headers: 0xc8
663b0c.3b68: Timestamp: 0xd6ced080
673b0c.3b68: Machine: 0x8664 - amd64
683b0c.3b68: Timestamp: 0xd6ced080
693b0c.3b68: Image Version: 10.0
703b0c.3b68: SizeOfImage: 0x1e000 (122880)
713b0c.3b68: Resource Dir: 0x1d000 LB 0x408
723b0c.3b68: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733b0c.3b68: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743b0c.3b68: ProductName: Microsoft® Windows® Operating System
753b0c.3b68: ProductVersion: 10.0.18362.1
763b0c.3b68: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
773b0c.3b68: FileDescription: ApiSet Schema DLL
783b0c.3b68: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793b0c.3b68: supR3HardenedWinFindAdversaries: 0x8
803b0c.3b68: \SystemRoot\System32\drivers\tmcomm.sys:
813b0c.3b68: CreationTime: 2018-06-06T09:23:47.871204000Z
823b0c.3b68: LastWriteTime: 2015-05-29T07:43:22.783229500Z
833b0c.3b68: ChangeTime: 2020-05-14T23:41:00.826506900Z
843b0c.3b68: FileAttributes: 0x2020
853b0c.3b68: Size: 0x4b098
863b0c.3b68: NT Headers: 0xe8
873b0c.3b68: Timestamp: 0x5568186c
883b0c.3b68: Machine: 0x8664 - amd64
893b0c.3b68: Timestamp: 0x5568186c
903b0c.3b68: Image Version: 6.0
913b0c.3b68: SizeOfImage: 0x4f000 (323584)
923b0c.3b68: Resource Dir: 0x4d000 LB 0x760
933b0c.3b68: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
943b0c.3b68: [Raw version resource data: 0x4d060 LB 0x700, codepage 0x0 (reserved 0x0)]
953b0c.3b68: ProductName: Trend Micro Eyes
963b0c.3b68: ProductVersion: 6.50
973b0c.3b68: FileVersion: 6.50.0.1058
983b0c.3b68: SpecialBuild: 1058
993b0c.3b68: PrivateBuild: Build 1058 - 5/29/2015
1003b0c.3b68: FileDescription: TrendMicro Common Module
1013b0c.3b68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
1023b0c.3b68: Calling main()
1033b0c.3b68: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1043b0c.3b68: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
1053b0c.3b68: SUPR3HardenedMain: Respawn #1
1063b0c.3b68: System32: \Device\HarddiskVolume6\Windows\System32
1073b0c.3b68: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
1083b0c.3b68: KnownDllPath: C:\Windows\System32
1093b0c.3b68: supR3HardenedWinInit: Performing a limited self purification...
1103b0c.3b68: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1113b0c.3b68: *0000000000000000-000000000038ffff 0x0001/0x0000 0x0000000
1123b0c.3b68: *0000000000390000-000000000039ffff 0x0004/0x0004 0x0040000
1133b0c.3b68: 00000000003a0000-00000000003affff 0x0001/0x0000 0x0000000
1143b0c.3b68: *00000000003b0000-00000000003cafff 0x0002/0x0002 0x0040000
1153b0c.3b68: 00000000003cb000-00000000003cffff 0x0001/0x0000 0x0000000
1163b0c.3b68: *00000000003d0000-00000000003d3fff 0x0002/0x0002 0x0040000
1173b0c.3b68: 00000000003d4000-00000000003dffff 0x0001/0x0000 0x0000000
1183b0c.3b68: *00000000003e0000-00000000003e1fff 0x0004/0x0004 0x0020000
1193b0c.3b68: 00000000003e2000-00000000003fffff 0x0001/0x0000 0x0000000
1203b0c.3b68: *0000000000400000-000000000051dfff 0x0000/0x0004 0x0020000
1213b0c.3b68: 000000000051e000-0000000000520fff 0x0004/0x0004 0x0020000
1223b0c.3b68: 0000000000521000-00000000005fffff 0x0000/0x0004 0x0020000
1233b0c.3b68: *0000000000600000-00000000006b0fff 0x0000/0x0004 0x0020000
1243b0c.3b68: 00000000006b1000-00000000006b3fff 0x0104/0x0004 0x0020000
1253b0c.3b68: 00000000006b4000-00000000006fffff 0x0004/0x0004 0x0020000
1263b0c.3b68: *0000000000700000-00000000007c6fff 0x0002/0x0002 0x0040000
1273b0c.3b68: 00000000007c7000-00000000007cffff 0x0001/0x0000 0x0000000
1283b0c.3b68: *00000000007d0000-00000000007d1fff 0x0004/0x0004 0x0020000
1293b0c.3b68: 00000000007d2000-0000000000801fff 0x0000/0x0004 0x0020000
1303b0c.3b68: 0000000000802000-000000000082ffff 0x0001/0x0000 0x0000000
1313b0c.3b68: *0000000000830000-0000000000835fff 0x0004/0x0004 0x0020000
1323b0c.3b68: 0000000000836000-000000000092ffff 0x0000/0x0004 0x0020000
1333b0c.3b68: *0000000000930000-000000000094cfff 0x0004/0x0004 0x0020000
1343b0c.3b68: 000000000094d000-0000000000a2ffff 0x0000/0x0004 0x0020000
1353b0c.3b68: 0000000000a30000-0000000000adffff 0x0001/0x0000 0x0000000
1363b0c.3b68: *0000000000ae0000-0000000000aeefff 0x0004/0x0004 0x0020000
1373b0c.3b68: 0000000000aef000-0000000000aeffff 0x0000/0x0004 0x0020000
1383b0c.3b68: *0000000000af0000-0000000000af0fff 0x0000/0x0004 0x0020000
1393b0c.3b68: 0000000000af1000-0000000000ce1fff 0x0004/0x0004 0x0020000
1403b0c.3b68: 0000000000ce2000-0000000000ce2fff 0x0000/0x0004 0x0020000
1413b0c.3b68: 0000000000ce3000-000000007ffdffff 0x0001/0x0000 0x0000000
1423b0c.3b68: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1433b0c.3b68: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
1443b0c.3b68: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
1453b0c.3b68: 000000007ffe8000-00007ff41dd9ffff 0x0001/0x0000 0x0000000
1463b0c.3b68: *00007ff41dda0000-00007ff41dda4fff 0x0002/0x0002 0x0040000
1473b0c.3b68: 00007ff41dda5000-00007ff41de9ffff 0x0000/0x0002 0x0040000
1483b0c.3b68: *00007ff41dea0000-00007ff51debffff 0x0000/0x0004 0x0020000
1493b0c.3b68: *00007ff51dec0000-00007ff51febffff 0x0000/0x0004 0x0020000
1503b0c.3b68: 00007ff51fec0000-00007ff51fec0fff 0x0004/0x0004 0x0020000
1513b0c.3b68: 00007ff51fec1000-00007ff51fecffff 0x0001/0x0000 0x0000000
1523b0c.3b68: *00007ff51fed0000-00007ff51fed0fff 0x0002/0x0002 0x0040000
1533b0c.3b68: 00007ff51fed1000-00007ff51fedffff 0x0001/0x0000 0x0000000
1543b0c.3b68: *00007ff51fee0000-00007ff51ff02fff 0x0002/0x0002 0x0040000
1553b0c.3b68: 00007ff51ff03000-00007ff75171ffff 0x0001/0x0000 0x0000000
1563b0c.3b68: *00007ff751720000-00007ff751720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1573b0c.3b68: 00007ff751721000-00007ff751796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1583b0c.3b68: 00007ff751797000-00007ff751797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1593b0c.3b68: 00007ff751798000-00007ff7517dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1603b0c.3b68: 00007ff7517e0000-00007ff7517e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1613b0c.3b68: 00007ff7517e3000-00007ff7517e5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1623b0c.3b68: 00007ff7517e6000-00007ff7517e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1633b0c.3b68: 00007ff7517e9000-00007ff7517e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1643b0c.3b68: 00007ff7517ea000-00007ff7517ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1653b0c.3b68: 00007ff7517ec000-00007ff7517ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1663b0c.3b68: 00007ff7517ed000-00007ff751835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1673b0c.3b68: 00007ff751836000-00007ffb4edeffff 0x0001/0x0000 0x0000000
1683b0c.3b68: *00007ffb4edf0000-00007ffb4edf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1693b0c.3b68: 00007ffb4edf1000-00007ffb4eef5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1703b0c.3b68: 00007ffb4eef6000-00007ffb4f058fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1713b0c.3b68: 00007ffb4f059000-00007ffb4f05cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1723b0c.3b68: 00007ffb4f05d000-00007ffb4f05dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1733b0c.3b68: 00007ffb4f05e000-00007ffb4f093fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1743b0c.3b68: 00007ffb4f094000-00007ffb5032ffff 0x0001/0x0000 0x0000000
1753b0c.3b68: *00007ffb50330000-00007ffb50330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1763b0c.3b68: 00007ffb50331000-00007ffb503a5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1773b0c.3b68: 00007ffb503a6000-00007ffb503d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1783b0c.3b68: 00007ffb503d8000-00007ffb503d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1793b0c.3b68: 00007ffb503d9000-00007ffb503d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1803b0c.3b68: 00007ffb503da000-00007ffb503e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1813b0c.3b68: 00007ffb503e2000-00007ffb51e5ffff 0x0001/0x0000 0x0000000
1823b0c.3b68: *00007ffb51e60000-00007ffb51e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1833b0c.3b68: 00007ffb51e61000-00007ffb51f77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1843b0c.3b68: 00007ffb51f78000-00007ffb51fbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1853b0c.3b68: 00007ffb51fbf000-00007ffb51fbffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1863b0c.3b68: 00007ffb51fc0000-00007ffb51fc1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1873b0c.3b68: 00007ffb51fc2000-00007ffb51fcafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1883b0c.3b68: 00007ffb51fcb000-00007ffb5204ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
1893b0c.3b68: 00007ffb52050000-00007ffffffeffff 0x0001/0x0000 0x0000000
1903b0c.3b68: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
1913b0c.3b68: kernelbase.dll: timestamp 0xb89efff3 (rc=VINF_SUCCESS)
1923b0c.3b68: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
1933b0c.3b68: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1943b0c.3b68: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
1953b0c.3b68: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1963b0c.3b68: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1973b0c.3b68: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1983b0c.3b68: supR3HardNtEnableThreadCreationEx:
1993b0c.3b68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb51ed1770 pvNtTerminateThread=00007ffb51efcac0
2003b0c.3b68: supR3HardenedWinDoReSpawn(1): New child fbc.10ac [kernel32].
2013b0c.3b68: supR3HardNtChildGatherData: PebBaseAddress=00000000007a8000 cbPeb=0x388
2023b0c.3b68: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb51e60000 uNtDllChildAddr=00007ffb51e60000
2033b0c.3b68: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb51ed1770
2043b0c.3b68: supR3HardenedWinSetupChildInit: Initial context:
205 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff751727900 rdx=00000000007a8000
206 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
207 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
208 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
209 rip=00007ffb51ecce30 rsp=00000000005dff08 rbp=0000000000000000 ctxflags=0010001b
210 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
211 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
212 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
213 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
214 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2153b0c.3b68: supR3HardenedWinSetupChildInit: Start child.
2163b0c.3b68: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2173b0c.3b68: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 47 sleeps
2183b0c.3b68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2193b0c.3b68: *0000000000000000-000000000049ffff 0x0001/0x0000 0x0000000
2203b0c.3b68: *00000000004a0000-00000000004bffff 0x0004/0x0004 0x0020000
2213b0c.3b68: *00000000004c0000-00000000004dafff 0x0002/0x0002 0x0040000
2223b0c.3b68: 00000000004db000-00000000004dffff 0x0001/0x0000 0x0000000
2233b0c.3b68: *00000000004e0000-00000000005dafff 0x0000/0x0004 0x0020000
2243b0c.3b68: 00000000005db000-00000000005ddfff 0x0104/0x0004 0x0020000
2253b0c.3b68: 00000000005de000-00000000005dffff 0x0004/0x0004 0x0020000
2263b0c.3b68: *00000000005e0000-00000000005e3fff 0x0002/0x0002 0x0040000
2273b0c.3b68: 00000000005e4000-00000000005effff 0x0001/0x0000 0x0000000
2283b0c.3b68: *00000000005f0000-00000000005f1fff 0x0004/0x0004 0x0020000
2293b0c.3b68: 00000000005f2000-00000000005fffff 0x0001/0x0000 0x0000000
2303b0c.3b68: *0000000000600000-00000000007a7fff 0x0000/0x0004 0x0020000
2313b0c.3b68: 00000000007a8000-00000000007aafff 0x0004/0x0004 0x0020000
2323b0c.3b68: 00000000007ab000-00000000007fffff 0x0000/0x0004 0x0020000
2333b0c.3b68: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
2343b0c.3b68: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2353b0c.3b68: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
2363b0c.3b68: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
2373b0c.3b68: 000000007ffe8000-00007ff5a733ffff 0x0001/0x0000 0x0000000
2383b0c.3b68: *00007ff5a7340000-00007ff5a7340fff 0x0002/0x0002 0x0040000
2393b0c.3b68: 00007ff5a7341000-00007ff5a734ffff 0x0001/0x0000 0x0000000
2403b0c.3b68: *00007ff5a7350000-00007ff5a7372fff 0x0002/0x0002 0x0040000
2413b0c.3b68: 00007ff5a7373000-00007ff75171ffff 0x0001/0x0000 0x0000000
2423b0c.3b68: *00007ff751720000-00007ff751720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2433b0c.3b68: 00007ff751721000-00007ff751796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2443b0c.3b68: 00007ff751797000-00007ff751797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2453b0c.3b68: 00007ff751798000-00007ff7517dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2463b0c.3b68: 00007ff7517e0000-00007ff7517e0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2473b0c.3b68: 00007ff7517e1000-00007ff7517e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2483b0c.3b68: 00007ff7517e2000-00007ff7517e6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2493b0c.3b68: 00007ff7517e7000-00007ff7517e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2503b0c.3b68: 00007ff7517e8000-00007ff7517e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2513b0c.3b68: 00007ff7517e9000-00007ff7517ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2523b0c.3b68: 00007ff7517ed000-00007ff751835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2533b0c.3b68: 00007ff751836000-00007ffb51e5ffff 0x0001/0x0000 0x0000000
2543b0c.3b68: *00007ffb51e60000-00007ffb51e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2553b0c.3b68: 00007ffb51e61000-00007ffb51f77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2563b0c.3b68: 00007ffb51f78000-00007ffb51fbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2573b0c.3b68: 00007ffb51fbf000-00007ffb51fcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2583b0c.3b68: 00007ffb51fcb000-00007ffb51fd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2593b0c.3b68: 00007ffb51fda000-00007ffb51fdafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2603b0c.3b68: 00007ffb51fdb000-00007ffb51fddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2613b0c.3b68: 00007ffb51fde000-00007ffb5204ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2623b0c.3b68: 00007ffb52050000-00007ffffffeffff 0x0001/0x0000 0x0000000
2633b0c.3b68: supR3HardNtChildPurify: Done after 515 ms and 0 fixes (loop #0).
264fbc.10ac: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
265fbc.10ac: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb51e60000 g_uNtVerCombined=0xa047bb00 (stack ~00000000005df998)
266fbc.10ac: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
267fbc.10ac: New simple heap: #1 0000000000900000 LB 0x400000 (for 2031616 allocation)
268fbc.10ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
2693b0c.3b68: supR3HardNtEnableThreadCreationEx:
270fbc.10ac: System32: \Device\HarddiskVolume6\Windows\System32
271fbc.10ac: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
272fbc.10ac: KnownDllPath: C:\Windows\System32
273fbc.10ac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
274fbc.10ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
275fbc.10ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
276fbc.10ac: Registered Dll notification callback with NTDLL.
277fbc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
278fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
279fbc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
280fbc.10ac: supR3HardenedDllNotificationCallback: load 00007ffb4edf0000 LB 0x002a4000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
281fbc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
282fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
283fbc.10ac: supR3HardenedDllNotificationCallback: load 00007ffb50330000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
284fbc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
285fbc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\KERNEL32.DLL'
286fbc.10ac: supR3HardenedDllNotificationCallback: load 00007ff751720000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
287fbc.10ac: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
288fbc.10ac: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
289fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
290fbc.10ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb51ed1770 pvNtTerminateThread=00007ffb51efcac0
2913b0c.3b68: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 69 ms.
292fbc.10ac: \SystemRoot\System32\ntdll.dll:
293fbc.10ac: CreationTime: 2020-05-17T22:11:24.509525300Z
294fbc.10ac: LastWriteTime: 2020-05-17T22:11:24.545692200Z
295fbc.10ac: ChangeTime: 2020-06-28T23:59:28.350729100Z
296fbc.10ac: FileAttributes: 0x20
297fbc.10ac: Size: 0x1e8460
298fbc.10ac: NT Headers: 0xd8
299fbc.10ac: Timestamp: 0xb29ecf52
300fbc.10ac: Machine: 0x8664 - amd64
301fbc.10ac: Timestamp: 0xb29ecf52
302fbc.10ac: Image Version: 10.0
303fbc.10ac: SizeOfImage: 0x1f0000 (2031616)
304fbc.10ac: Resource Dir: 0x17f000 LB 0x6f310
305fbc.10ac: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
306fbc.10ac: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
307fbc.10ac: ProductName: Microsoft® Windows® Operating System
308fbc.10ac: ProductVersion: 10.0.18362.815
309fbc.10ac: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
310fbc.10ac: FileDescription: NT Layer DLL
311fbc.10ac: \SystemRoot\System32\kernel32.dll:
312fbc.10ac: CreationTime: 2020-06-28T23:58:48.597410000Z
313fbc.10ac: LastWriteTime: 2020-06-28T23:58:48.628658800Z
314fbc.10ac: ChangeTime: 2020-06-29T00:02:09.042659400Z
315fbc.10ac: FileAttributes: 0x20
316fbc.10ac: Size: 0xb0498
317fbc.10ac: NT Headers: 0xe8
318fbc.10ac: Timestamp: 0xce6bbd73
319fbc.10ac: Machine: 0x8664 - amd64
320fbc.10ac: Timestamp: 0xce6bbd73
321fbc.10ac: Image Version: 10.0
322fbc.10ac: SizeOfImage: 0xb2000 (729088)
323fbc.10ac: Resource Dir: 0xb0000 LB 0x520
324fbc.10ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
325fbc.10ac: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
326fbc.10ac: ProductName: Microsoft® Windows® Operating System
327fbc.10ac: ProductVersion: 10.0.18362.900
328fbc.10ac: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
329fbc.10ac: FileDescription: Windows NT BASE API Client DLL
330fbc.10ac: \SystemRoot\System32\KernelBase.dll:
331fbc.10ac: CreationTime: 2020-05-17T22:11:25.000591700Z
332fbc.10ac: LastWriteTime: 2020-05-17T22:11:25.073497400Z
333fbc.10ac: ChangeTime: 2020-06-28T23:59:28.366354800Z
334fbc.10ac: FileAttributes: 0x20
335fbc.10ac: Size: 0x2a4068
336fbc.10ac: NT Headers: 0xf8
337fbc.10ac: Timestamp: 0xb89efff3
338fbc.10ac: Machine: 0x8664 - amd64
339fbc.10ac: Timestamp: 0xb89efff3
340fbc.10ac: Image Version: 10.0
341fbc.10ac: SizeOfImage: 0x2a4000 (2768896)
342fbc.10ac: Resource Dir: 0x27e000 LB 0x548
343fbc.10ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
344fbc.10ac: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
345fbc.10ac: ProductName: Microsoft® Windows® Operating System
346fbc.10ac: ProductVersion: 10.0.18362.815
347fbc.10ac: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
348fbc.10ac: FileDescription: Windows NT BASE API Client DLL
349fbc.10ac: \SystemRoot\System32\apisetschema.dll:
350fbc.10ac: CreationTime: 2019-03-19T04:43:54.837151500Z
351fbc.10ac: LastWriteTime: 2019-03-19T04:43:54.837151500Z
352fbc.10ac: ChangeTime: 2020-06-28T23:59:28.178854600Z
353fbc.10ac: FileAttributes: 0x20
354fbc.10ac: Size: 0x1d028
355fbc.10ac: NT Headers: 0xc8
356fbc.10ac: Timestamp: 0xd6ced080
357fbc.10ac: Machine: 0x8664 - amd64
358fbc.10ac: Timestamp: 0xd6ced080
359fbc.10ac: Image Version: 10.0
360fbc.10ac: SizeOfImage: 0x1e000 (122880)
361fbc.10ac: Resource Dir: 0x1d000 LB 0x408
362fbc.10ac: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
363fbc.10ac: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
364fbc.10ac: ProductName: Microsoft® Windows® Operating System
365fbc.10ac: ProductVersion: 10.0.18362.1
366fbc.10ac: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
367fbc.10ac: FileDescription: ApiSet Schema DLL
368fbc.10ac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
369fbc.10ac: supR3HardenedWinFindAdversaries: 0x8
370fbc.10ac: \SystemRoot\System32\drivers\tmcomm.sys:
371fbc.10ac: CreationTime: 2018-06-06T09:23:47.871204000Z
372fbc.10ac: LastWriteTime: 2015-05-29T07:43:22.783229500Z
373fbc.10ac: ChangeTime: 2020-05-14T23:41:00.826506900Z
374fbc.10ac: FileAttributes: 0x2020
375fbc.10ac: Size: 0x4b098
376fbc.10ac: NT Headers: 0xe8
377fbc.10ac: Timestamp: 0x5568186c
378fbc.10ac: Machine: 0x8664 - amd64
379fbc.10ac: Timestamp: 0x5568186c
380fbc.10ac: Image Version: 6.0
381fbc.10ac: SizeOfImage: 0x4f000 (323584)
382fbc.10ac: Resource Dir: 0x4d000 LB 0x760
383fbc.10ac: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
384fbc.10ac: [Raw version resource data: 0x4d060 LB 0x700, codepage 0x0 (reserved 0x0)]
385fbc.10ac: ProductName: Trend Micro Eyes
386fbc.10ac: ProductVersion: 6.50
387fbc.10ac: FileVersion: 6.50.0.1058
388fbc.10ac: SpecialBuild: 1058
389fbc.10ac: PrivateBuild: Build 1058 - 5/29/2015
390fbc.10ac: FileDescription: TrendMicro Common Module
391fbc.10ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
392fbc.10ac: Calling main()
393fbc.10ac: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
394fbc.10ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
395fbc.10ac: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
396fbc.10ac: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
397fbc.10ac: SUPR3HardenedMain: Respawn #2
398fbc.10ac: supR3HardNtEnableThreadCreationEx:
399fbc.10ac: supR3HardenedDllNotificationCallback: load 00007ffb50190000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
400fbc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll)
401fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
402fbc.10ac: supR3HardenedDllNotificationCallback: load 00007ffb50e00000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0]
403fbc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
404fbc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\sechost.dll)
405fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\sechost.dll
406fbc.10ac: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
407fbc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ntdll.dll)
408fbc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ntdll.dll
409fbc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
410fbc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
411fbc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
412fbc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
413fbc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51e60000 'C:\Windows\System32\ntdll.dll'
414fbc.10ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb51ed1770 pvNtTerminateThread=00007ffb51efcac0
415fbc.10ac: supR3HardenedWinDoReSpawn(2): New child 396c.3998 [kernel32].
416fbc.10ac: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
417fbc.10ac: supR3HardNtChildGatherData: PebBaseAddress=000000000069e000 cbPeb=0x388
418fbc.10ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb51e60000 uNtDllChildAddr=00007ffb51e60000
419fbc.10ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb51ed1770
420fbc.10ac: supR3HardenedWinSetupChildInit: Initial context:
421 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff751727900 rdx=000000000069e000
422 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
423 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
424 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
425 rip=00007ffb51ecce30 rsp=00000000008ff9f8 rbp=0000000000000000 ctxflags=0010001b
426 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
427 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
428 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
429 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
430 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
431fbc.10ac: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
432fbc.10ac: supR3HardenedWinSetupChildInit: Start child.
433fbc.10ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
434fbc.10ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 42 sleeps
435fbc.10ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
436fbc.10ac: *0000000000000000-000000000057ffff 0x0001/0x0000 0x0000000
437fbc.10ac: *0000000000580000-000000000059ffff 0x0004/0x0004 0x0020000
438fbc.10ac: *00000000005a0000-00000000005bafff 0x0002/0x0002 0x0040000
439fbc.10ac: 00000000005bb000-00000000005bffff 0x0001/0x0000 0x0000000
440fbc.10ac: *00000000005c0000-00000000005c3fff 0x0002/0x0002 0x0040000
441fbc.10ac: 00000000005c4000-00000000005cffff 0x0001/0x0000 0x0000000
442fbc.10ac: *00000000005d0000-00000000005d1fff 0x0004/0x0004 0x0020000
443fbc.10ac: 00000000005d2000-00000000005fffff 0x0001/0x0000 0x0000000
444fbc.10ac: *0000000000600000-000000000069dfff 0x0000/0x0004 0x0020000
445fbc.10ac: 000000000069e000-00000000006a0fff 0x0004/0x0004 0x0020000
446fbc.10ac: 00000000006a1000-00000000007fffff 0x0000/0x0004 0x0020000
447fbc.10ac: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
448fbc.10ac: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
449fbc.10ac: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
450fbc.10ac: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
451fbc.10ac: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
452fbc.10ac: 000000007ffe1000-000000007ffe6fff 0x0001/0x0000 0x0000000
453fbc.10ac: *000000007ffe7000-000000007ffe7fff 0x0002/0x0002 0x0020000
454fbc.10ac: 000000007ffe8000-00007ff54edeffff 0x0001/0x0000 0x0000000
455fbc.10ac: *00007ff54edf0000-00007ff54edf0fff 0x0002/0x0002 0x0040000
456fbc.10ac: 00007ff54edf1000-00007ff54edfffff 0x0001/0x0000 0x0000000
457fbc.10ac: *00007ff54ee00000-00007ff54ee22fff 0x0002/0x0002 0x0040000
458fbc.10ac: 00007ff54ee23000-00007ff75171ffff 0x0001/0x0000 0x0000000
459fbc.10ac: *00007ff751720000-00007ff751720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
460fbc.10ac: 00007ff751721000-00007ff751796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
461fbc.10ac: 00007ff751797000-00007ff751797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
462fbc.10ac: 00007ff751798000-00007ff7517dffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
463fbc.10ac: 00007ff7517e0000-00007ff7517e0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
464fbc.10ac: 00007ff7517e1000-00007ff7517e1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
465fbc.10ac: 00007ff7517e2000-00007ff7517e6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
466fbc.10ac: 00007ff7517e7000-00007ff7517e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
467fbc.10ac: 00007ff7517e8000-00007ff7517e8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
468fbc.10ac: 00007ff7517e9000-00007ff7517ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
469fbc.10ac: 00007ff7517ed000-00007ff751835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
470fbc.10ac: 00007ff751836000-00007ffb51e5ffff 0x0001/0x0000 0x0000000
471fbc.10ac: *00007ffb51e60000-00007ffb51e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
472fbc.10ac: 00007ffb51e61000-00007ffb51f77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
473fbc.10ac: 00007ffb51f78000-00007ffb51fbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
474fbc.10ac: 00007ffb51fbf000-00007ffb51fcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
475fbc.10ac: 00007ffb51fcb000-00007ffb51fd9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
476fbc.10ac: 00007ffb51fda000-00007ffb51fdafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
477fbc.10ac: 00007ffb51fdb000-00007ffb51fddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
478fbc.10ac: 00007ffb51fde000-00007ffb5204ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume6\Windows\System32\ntdll.dll
479fbc.10ac: 00007ffb52050000-00007ffffffeffff 0x0001/0x0000 0x0000000
480fbc.10ac: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
481fbc.10ac: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
482fbc.10ac: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
483fbc.10ac: supR3HardNtChildPurify: Done after 540 ms and 0 fixes (loop #0).
484396c.3998: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
485396c.3998: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb51e60000 g_uNtVerCombined=0xa047bb00 (stack ~00000000008ff488)
486396c.3998: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
487396c.3998: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2031616 allocation)
488fbc.10ac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
489fbc.10ac: supR3HardNtEnableThreadCreationEx:
490396c.3998: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
491396c.3998: System32: \Device\HarddiskVolume6\Windows\System32
492396c.3998: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
493396c.3998: KnownDllPath: C:\Windows\System32
494396c.3998: supR3HardenedVmProcessInit: Opening vboxdrv...
495396c.3998: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
496396c.3998: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
497396c.3998: Registered Dll notification callback with NTDLL.
498396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
499396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
500396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
501396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4edf0000 LB 0x002a4000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
502396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
503396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
504396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50330000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
505396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
506396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\KERNEL32.DLL'
507396c.3998: supR3HardenedDllNotificationCallback: load 00007ff751720000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
508396c.3998: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
509396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
510396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
511396c.3998: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb51ed1770 pvNtTerminateThread=00007ffb51efcac0
512fbc.10ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 79 ms.
513396c.3998: \SystemRoot\System32\ntdll.dll:
514396c.3998: CreationTime: 2020-05-17T22:11:24.509525300Z
515396c.3998: LastWriteTime: 2020-05-17T22:11:24.545692200Z
516396c.3998: ChangeTime: 2020-06-28T23:59:28.350729100Z
517396c.3998: FileAttributes: 0x20
518396c.3998: Size: 0x1e8460
519396c.3998: NT Headers: 0xd8
520396c.3998: Timestamp: 0xb29ecf52
521396c.3998: Machine: 0x8664 - amd64
522396c.3998: Timestamp: 0xb29ecf52
523396c.3998: Image Version: 10.0
524396c.3998: SizeOfImage: 0x1f0000 (2031616)
525396c.3998: Resource Dir: 0x17f000 LB 0x6f310
526396c.3998: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
527396c.3998: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
528396c.3998: ProductName: Microsoft® Windows® Operating System
529396c.3998: ProductVersion: 10.0.18362.815
530396c.3998: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
531396c.3998: FileDescription: NT Layer DLL
532396c.3998: \SystemRoot\System32\kernel32.dll:
533396c.3998: CreationTime: 2020-06-28T23:58:48.597410000Z
534396c.3998: LastWriteTime: 2020-06-28T23:58:48.628658800Z
535396c.3998: ChangeTime: 2020-06-29T00:02:09.042659400Z
536396c.3998: FileAttributes: 0x20
537396c.3998: Size: 0xb0498
538396c.3998: NT Headers: 0xe8
539396c.3998: Timestamp: 0xce6bbd73
540396c.3998: Machine: 0x8664 - amd64
541396c.3998: Timestamp: 0xce6bbd73
542396c.3998: Image Version: 10.0
543396c.3998: SizeOfImage: 0xb2000 (729088)
544396c.3998: Resource Dir: 0xb0000 LB 0x520
545396c.3998: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
546396c.3998: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
547396c.3998: ProductName: Microsoft® Windows® Operating System
548396c.3998: ProductVersion: 10.0.18362.900
549396c.3998: FileVersion: 10.0.18362.900 (WinBuild.160101.0800)
550396c.3998: FileDescription: Windows NT BASE API Client DLL
551396c.3998: \SystemRoot\System32\KernelBase.dll:
552396c.3998: CreationTime: 2020-05-17T22:11:25.000591700Z
553396c.3998: LastWriteTime: 2020-05-17T22:11:25.073497400Z
554396c.3998: ChangeTime: 2020-06-28T23:59:28.366354800Z
555396c.3998: FileAttributes: 0x20
556396c.3998: Size: 0x2a4068
557396c.3998: NT Headers: 0xf8
558396c.3998: Timestamp: 0xb89efff3
559396c.3998: Machine: 0x8664 - amd64
560396c.3998: Timestamp: 0xb89efff3
561396c.3998: Image Version: 10.0
562396c.3998: SizeOfImage: 0x2a4000 (2768896)
563396c.3998: Resource Dir: 0x27e000 LB 0x548
564396c.3998: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
565396c.3998: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
566396c.3998: ProductName: Microsoft® Windows® Operating System
567396c.3998: ProductVersion: 10.0.18362.815
568396c.3998: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
569396c.3998: FileDescription: Windows NT BASE API Client DLL
570396c.3998: \SystemRoot\System32\apisetschema.dll:
571396c.3998: CreationTime: 2019-03-19T04:43:54.837151500Z
572396c.3998: LastWriteTime: 2019-03-19T04:43:54.837151500Z
573396c.3998: ChangeTime: 2020-06-28T23:59:28.178854600Z
574396c.3998: FileAttributes: 0x20
575396c.3998: Size: 0x1d028
576396c.3998: NT Headers: 0xc8
577396c.3998: Timestamp: 0xd6ced080
578396c.3998: Machine: 0x8664 - amd64
579396c.3998: Timestamp: 0xd6ced080
580396c.3998: Image Version: 10.0
581396c.3998: SizeOfImage: 0x1e000 (122880)
582396c.3998: Resource Dir: 0x1d000 LB 0x408
583396c.3998: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
584396c.3998: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
585396c.3998: ProductName: Microsoft® Windows® Operating System
586396c.3998: ProductVersion: 10.0.18362.1
587396c.3998: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
588396c.3998: FileDescription: ApiSet Schema DLL
589396c.3998: NtOpenDirectoryObject failed on \Driver: 0xc0000022
590396c.3998: supR3HardenedWinFindAdversaries: 0x8
591396c.3998: \SystemRoot\System32\drivers\tmcomm.sys:
592396c.3998: CreationTime: 2018-06-06T09:23:47.871204000Z
593396c.3998: LastWriteTime: 2015-05-29T07:43:22.783229500Z
594396c.3998: ChangeTime: 2020-05-14T23:41:00.826506900Z
595396c.3998: FileAttributes: 0x2020
596396c.3998: Size: 0x4b098
597396c.3998: NT Headers: 0xe8
598396c.3998: Timestamp: 0x5568186c
599396c.3998: Machine: 0x8664 - amd64
600396c.3998: Timestamp: 0x5568186c
601396c.3998: Image Version: 6.0
602396c.3998: SizeOfImage: 0x4f000 (323584)
603396c.3998: Resource Dir: 0x4d000 LB 0x760
604396c.3998: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
605396c.3998: [Raw version resource data: 0x4d060 LB 0x700, codepage 0x0 (reserved 0x0)]
606396c.3998: ProductName: Trend Micro Eyes
607396c.3998: ProductVersion: 6.50
608396c.3998: FileVersion: 6.50.0.1058
609396c.3998: SpecialBuild: 1058
610396c.3998: PrivateBuild: Build 1058 - 5/29/2015
611396c.3998: FileDescription: TrendMicro Common Module
612396c.3998: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
613396c.3998: Calling main()
614396c.3998: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
615396c.3998: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox'
616396c.3998: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
617396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
618396c.3998: SUPR3HardenedMain: Final process, opening VBoxDrv...
619396c.3998: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
620396c.3998: supR3HardNtEnableThreadCreationEx:
621396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
622396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
623396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
624396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
625396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb41ca0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
626396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
627396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
628396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
629396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
630396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
631396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
632396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
633396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
634396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
635396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
636396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
637396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
638396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wintrust.dll)
639396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wintrust.dll
640396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
641396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
642396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll)
643396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
644396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
645396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume6\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
646396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
647396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\crypt32.dll)
648396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\crypt32.dll
649396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
650396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume6\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
651396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msasn1.dll)
652396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msasn1.dll
653396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
654396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
655396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msvcrt.dll)
656396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
657396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
658396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume6\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
659396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
660396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
661396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb503f0000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
662396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
663396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ed30000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
664396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
665396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f9c0000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
666396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ucrtbase.dll)
667396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ucrtbase.dll
668396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4fd40000 LB 0x00149000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
669396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
670396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50190000 LB 0x00120000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
671396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
672396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4fe90000 LB 0x0005c000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
673396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
674396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
675396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
676396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-synch-l1-2-0'
677396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
678396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
679396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-fibers-l1-1-1'
680396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
681396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
682396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-fibers-l1-1-1'
683396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
684396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
685396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-synch-l1-2-0'
686396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
687396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
688396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-l1-2-1'
689396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fe90000 'C:\Windows\system32\Wintrust.dll'
690396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\bcrypt.dll)
691396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\bcrypt.dll
692396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
693396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f990000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
694396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
695396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4f990000 'C:\Windows\system32\bcrypt.dll'
696396c.3998: bcrypt.dll loaded at 00007ffb4f990000, BCryptOpenAlgorithmProvider at 00007ffb4f994c70, preloading providers:
697396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll)
698396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll
699396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
700396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f870000 LB 0x00080000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
701396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
702396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4f870000 'C:\Windows\system32\bcryptprimitives.dll'
703396c.3998: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000e5f0d0)
704396c.3998: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000e5fe30)
705396c.3998: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000e60130)
706396c.3998: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000e60430)
707396c.3998: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000e60730)
708396c.3998: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000e60a30)
709396c.3998: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000e60d30)
710396c.3998: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000e61030)
711396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ff50000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0]
712396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\cryptsp.dll)
713396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptsp.dll
714396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
715396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\rsaenh.dll)
716396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
717396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
718396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
719396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
720396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
721396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
722396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4e100000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
723396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
724396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
725396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
726396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\cryptbase.dll)
727396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptbase.dll
728396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4e760000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
729396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
730396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
731396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
732396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
733396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
734396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
735396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\kernel32.dll'
736396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
737396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
738396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fe90000 'C:\Windows\System32\WINTRUST.DLL'
739396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
740396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
741396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\CRYPT32.dll'
742396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb51df0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
743396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
744396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\imagehlp.dll)
745396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\imagehlp.dll
746396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
747396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
748396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
749396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
750396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
751396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
752396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50e00000 LB 0x00097000 C:\Windows\System32\sechost.dll [fFlags=0x0]
753396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
754396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\sechost.dll)
755396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\sechost.dll
756396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
757396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
758396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\gpapi.dll)
759396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\gpapi.dll
760396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4d920000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
761396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
762396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ed50000 LB 0x00023000 C:\Windows\System32\profapi.dll [fFlags=0x0]
763396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\profapi.dll)
764396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\profapi.dll
765396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
766396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
767396c.3998: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\cryptnet.dll)
768396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cryptnet.dll
769396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
770396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume6\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
771396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
772396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
773396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
774396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
775396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
776396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
777396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
778396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
779396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
780396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
781396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
782396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
783396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
784396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
785396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
786396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb464d0000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
787396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
789396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
790396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
791396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
792396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
793396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
794396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
795396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
796396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
797396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
799396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
800396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
801396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
802396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
803396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
804396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
805396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
806396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
807396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
808396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
809396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
810396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
811396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
812396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
813396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
814396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
815396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
816396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
817396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
818396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb464d0000 'C:\Windows\System32\cryptnet.dll'
819396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb51420000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
820396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
821396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
822396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
823396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\advapi32.dll)
824396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\advapi32.dll
825396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
826396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
827396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
828396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
829396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
830396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume6\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
831396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\sechost.dll [lacks WinVerifyTrust]
832396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
833396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
834396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
835396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
836396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
837396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
838396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
839396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
840396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
841396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000e98890
842396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
843396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F
844396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
845396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
846396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50190000 'C:\Windows\System32\rpcrt4.dll'
847396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
848396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
849396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
850396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
851396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
852396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
853396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\SystemRoot\System32\ntdll.dll'
854396c.3998: g_pfnWinVerifyTrust=00007ffb4fe961f0
855396c.3998: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
856396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
857396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
858396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
859396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
860396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
861396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
862396c.3998: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\crypt32.dll'
863396c.3998: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
864396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
865396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
866396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
867396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
868396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
869396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
870396c.3998: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\wintrust.dll'
871396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
872396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
873396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
874396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
875396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\advapi32.dll'
876396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume6\Windows\System32\cryptnet.dll
877396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
878396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
879396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
880396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
881396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
882396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
883396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\cryptnet.dll'
884396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
885396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptnet.dll'
886396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
887396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
888396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
889396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\profapi.dll'
890396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
891396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
892396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
893396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\gpapi.dll'
894396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
895396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
896396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
897396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\sechost.dll'
898396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
899396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
900396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
901396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\imagehlp.dll'
902396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
903396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
904396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
905396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptbase.dll'
906396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
907396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
908396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
909396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
910396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
911396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\rsaenh.dll'
912396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
913396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
914396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
915396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
916396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cryptsp.dll'
917396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
918396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
919396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll'
920396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
921396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
922396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll'
923396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
924396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
925396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\ucrtbase.dll'
926396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
927396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
928396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll'
929396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
930396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
931396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msasn1.dll'
932396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
933396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
934396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll'
935396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
936396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
937396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
938396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
939396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
940396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
941396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\KernelBase.dll'
942396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
943396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
944396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\kernel32.dll'
945396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\system32\crypt32.dll'
946396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x40bd1a626bd0be00 CN=DSA Root CA
947396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
948396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
949396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xe63d34c9c040b300 CN=ESET SSL Filter CA, O=ESET, spol. s r. o., C=SK
950396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc4e9f2649380b200 CN=T1650
951396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
952396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x3de443dffbc09300 CN=T1650
953396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
954396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
955396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
956396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
957396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
958396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
959396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
960396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
961396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
962396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
963396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
964396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc0d1cb33decdb600 CN=UniversalADB
965396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
966396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
967396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
968396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
969396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
970396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
971396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
972396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
973396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
974396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
975396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
976396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
977396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
978396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
979396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
980396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
981396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
982396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
983396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
984396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
985396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
986396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
987396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
988396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
989396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
990396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
991396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
992396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
993396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
994396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
995396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
996396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
997396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
998396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
999396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1000396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1001396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1002396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1003396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1004396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
1005396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1006396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1007396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1008396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1009396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1010396c.3998: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1011396c.3998: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=65
1012396c.3998: SUPR3HardenedMain: Load Runtime...
1013396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1014396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1015396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1016396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1017396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1018396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1019396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1020396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1021396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1022396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1023396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1024396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1025396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ws2_32.dll) WinVerifyTrust
1026396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
1027396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1028396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1029396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
1030396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1031396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1032396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1033396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1034396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
1035396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1036396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1037396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1038396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1039396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1040396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1041396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1042396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1043396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1044396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll)
1045396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1046396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1047396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1048396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1049396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1050396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1051396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1052396c.3998: supR3HardenedDllNotificationCallback: load 0000000055000000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1053396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1054396c.3998: supR3HardenedDllNotificationCallback: load 0000000053ea0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1055396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1056396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50d90000 LB 0x0006f000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
1057396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
1058396c.3998: supR3HardenedDllNotificationCallback: load 00007ffaf8f90000 LB 0x005d6000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1059396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1060396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1061396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1062396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1063396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1064396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1065396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1066396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1067396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1068396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1069396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1070396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1071396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1072396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1073396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1074396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1075396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1076396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1077396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1078396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1079396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1080396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1081396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1082396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1083396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1084396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1085396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1086396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1087396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1088396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1089396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1090396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1091396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1092396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1093396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1094396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1095396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1096396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1097396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1098396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1099396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1100396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1101396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1102396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1103396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1104396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1105396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1106396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1107396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1108396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1109396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1110396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1111396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1112396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1113396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1114396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1115396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1116396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1117396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1118396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1119396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1120396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1121396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1122396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1123396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1124396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1125396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1126396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1127396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1128396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1129396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1130396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1131396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1132396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1133396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1134396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1135396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1136396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1137396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1138396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1139396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1140396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1141396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1142396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1143396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1144396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1145396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1146396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1148396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1149396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1150396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1151396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1153396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1154396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1155396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1156396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1158396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1159396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1160396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1161396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1163396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1164396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1165396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1166396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1168396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1169396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1170396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1171396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1173396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1174396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1175396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1176396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1178396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1179396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1180396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1181396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1182396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1183396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1184396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1185396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1186396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1187396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1188396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1189396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1190396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1191396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1192396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1193396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1194396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1195396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1196396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1197396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1198396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1199396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1200396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1201396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1202396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1203396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1204396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1205396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1206396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1207396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1208396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1209396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1210396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1211396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1212396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1213396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1214396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1215396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1216396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1217396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1218396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1219396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1220396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1221396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxRT.dll
1222396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1223396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1224396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1225396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1226396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1227396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1228396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1229396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1230396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1231396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1232396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1233396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1234396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1235396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1236396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf8f90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1237396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1238396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll'
1239396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wintrust.dll
1240396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1241396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fe90000 'C:\Windows\system32\Wintrust.dll'
1242396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
1243396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1244396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1245396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1246396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1247396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1248396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\system32\crypt32.dll'
1249396c.3998: SUPR3HardenedMain: Load TrustedMain...
1250396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1251396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1252396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1253396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1254396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1255396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1256396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1257396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1258396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1259396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1260396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1261396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1262396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1263396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1264396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1265396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1266396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1267396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1268396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1269396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1270396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1271396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1272396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\winmm.dll) WinVerifyTrust
1273396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\winmm.dll
1274396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1275396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1276396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1277396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1278396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
1279396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1280396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1281396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
1282396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1283396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\winmmbase.dll)
1284396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\winmmbase.dll
1285396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1286396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1287396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
1288396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1289396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
1290396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1291396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1292396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1293396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1294396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1295396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\oleaut32.dll) WinVerifyTrust
1296396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
1297396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1298396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1299396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1300396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1301396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1302396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1303396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1304396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1305396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1306396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\combase.dll)
1307396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\combase.dll
1308396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1309396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1310396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1311396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll)
1312396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
1313396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1314396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1315396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll
1316396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1317396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1318396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1319396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1320396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1321396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
1322396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
1323396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1324396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ole32.dll) WinVerifyTrust
1325396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ole32.dll
1326396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1327396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1328396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1329396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1330396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll [lacks WinVerifyTrust]
1331396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1332396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1333396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1334396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1335396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1336396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\user32.dll)
1337396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\user32.dll
1338396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1339396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1340396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1341396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
1342396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\gdi32.dll)
1343396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\gdi32.dll
1344396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1345396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1346396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1347396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1348396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1349396c.3998: '\Device\HarddiskVolume6\Windows\System32\win32u.dll' has no imports
1350396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\win32u.dll)
1351396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\win32u.dll
1352396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1353396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1354396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1355396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1356396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1357396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1358396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1359396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1360396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1361396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1362396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\user32.dll) WinVerifyTrust
1363396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1364396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1365396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1366396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1367396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1368396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1369396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1370396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1371396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1372396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1373396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1374396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1375396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1376396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1377396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1378396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1379396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1380396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1381396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1382396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1383396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1384396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1385396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1386396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1387396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1388396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1389396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1390396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1391396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1392396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1393396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1394396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1395396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1396396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1397396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1398396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1399396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1400396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1401396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1402396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1403396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1404396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1405396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1406396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1407396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1408396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1409396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1410396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1411396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1412396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1413396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1414396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1415396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1416396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1417396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1418396c.3998: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1419396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1420396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1421396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1422396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1423396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1424396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1425396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1426396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1427396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1428396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1429396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
1430396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
1431396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\shell32.dll)
1432396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\shell32.dll
1433396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1434396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1435396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1436396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1437396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1438396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1439396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1440396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1441396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1442396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1443396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1444396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1445396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1446396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1447396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1448396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1449396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1450396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1451396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1452396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1453396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1454396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1455396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1456396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1457396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1458396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1459396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1460396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1461396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1462396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\opengl32.dll'.
1463396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1464396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1465396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1466396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1467396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1468396c.3998: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\opengl32.dll)
1469396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\opengl32.dll
1470396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1471396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1472396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
1473396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1474396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1475396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1476396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1477396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1478396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1479396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1480396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1481396c.3998: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1482396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\mpr.dll)
1483396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\mpr.dll
1484396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1485396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1486396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
1487396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1488396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1489396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
1490396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1491396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1492396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
1493396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1494396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1495396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1496396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1497396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1498396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1499396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1500396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1501396c.3998: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1502396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1503396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1504396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1505396c.3998: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\glu32.dll)
1506396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\glu32.dll
1507396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1508396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1509396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1510396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1511396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1512396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1513396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1514396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1515396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
1516396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1517396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1518396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
1519396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1520396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1521396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1522396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1523396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1524396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1525396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1526396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1527396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1528396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1529396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1530396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1531396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1532396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1533396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
1534396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1535396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1536396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1537396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1538396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1539396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1540396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1541396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1542396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1543396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1544396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1545396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1546396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1547396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1548396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1549396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1550396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1551396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1552396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1553396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1554396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1555396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1556396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1557396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1558396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1559396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1560396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1561396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1562396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1563396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1564396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1565396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1566396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1567396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1568396c.3998: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1569396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1570396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1571396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1572396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1573396c.3998: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1574396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1575396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1576396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
1577396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1578396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1579396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
1580396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1581396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1582396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1583396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1584396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1585396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1586396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1587396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1588396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1589396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1590396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1591396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1592396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1593396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1594396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1595396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1596396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\UICommon.dll
1597396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1598396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume6\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1599396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1600396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume6\Windows\System32\opengl32.dll
1601396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
1602396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
1603396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
1604396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1605396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1606396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1607396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1608396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
1609396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1610396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1611396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
1612396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1613396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1614396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
1615396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1616396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1617396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [lacks WinVerifyTrust]
1618396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1619396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1620396c.3998: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1621396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1622396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1623396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1624396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1625396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1626396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1627396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1628396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1629396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1630396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1631396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
1632396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
1633396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\opengl32.dll'
1634396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1635396c.3998: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\opengl32.dll'
1636396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1637396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1638396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
1639396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\UICommon.dll
1640396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1641396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1642396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1643396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1644396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
1645396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1646396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1647396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1648396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1649396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
1650396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\DXCore.dll)
1651396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\DXCore.dll
1652396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4fac0000 LB 0x00021000 C:\Windows\System32\win32u.dll [fFlags=0x0]
1653396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1654396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f8f0000 LB 0x0009e000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
1655396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1656396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4faf0000 LB 0x00195000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
1657396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1658396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1659396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1660396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1661396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\gdi32full.dll)
1662396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\gdi32full.dll
1663396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50d60000 LB 0x00026000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
1664396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1665396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50490000 LB 0x00194000 C:\Windows\System32\USER32.dll [fFlags=0x0]
1666396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1667396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50840000 LB 0x00335000 C:\Windows\System32\combase.dll [fFlags=0x0]
1668396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1669396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f0a0000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
1670396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll)
1671396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
1672396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4d970000 LB 0x00020000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0]
1673396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
1674396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb00bb0000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1675396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1676396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb00be0000 LB 0x00156000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1677396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\opengl32.dll
1678396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50f00000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
1679396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1680396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
1681396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
1682396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\SHCore.dll)
1683396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\SHCore.dll
1684396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ed20000 LB 0x00010000 C:\Windows\System32\UMPDC.dll [fFlags=0x0]
1685396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\umpdc.dll)
1686396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\umpdc.dll
1687396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4eda0000 LB 0x0004a000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
1688396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1689396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
1690396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\powrprof.dll)
1691396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\powrprof.dll
1692396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50ea0000 LB 0x00052000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
1693396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1694396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1695396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1696396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\shlwapi.dll)
1697396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
1698396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ed80000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
1699396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1700396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1701396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll)
1702396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll
1703396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4f0f0000 LB 0x00780000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
1704396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
1705396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
1706396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
1707396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
1708396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\windows.storage.dll)
1709396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\windows.storage.dll
1710396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb514e0000 LB 0x006e6000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
1711396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1712396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50b80000 LB 0x00157000 C:\Windows\System32\ole32.dll [fFlags=0x0]
1713396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
1714396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb42e40000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
1715396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1716396c.3998: supR3HardenedDllNotificationCallback: load 0000000052db0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1717396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1718396c.3998: supR3HardenedDllNotificationCallback: load 00007ffaf8990000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1719396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1720396c.3998: supR3HardenedDllNotificationCallback: load 0000000052840000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1721396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1722396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ffe0000 LB 0x000c5000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
1723396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
1724396c.3998: supR3HardenedDllNotificationCallback: load 00007ffaee8e0000 LB 0x02314000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1725396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\UICommon.dll
1726396c.3998: supR3HardenedDllNotificationCallback: load 00000000527e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1727396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1728396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4c7e0000 LB 0x0002d000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1729396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1730396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4c810000 LB 0x00024000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1731396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
1732396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb20a80000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1733396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1734396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
1735396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
1736396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
1737396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
1738396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
1739396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
1740396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
1741396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
1742396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1743396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
1744396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
1745396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
1746396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
1747396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
1748396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
1749396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
1750396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
1751396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
1752396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1753396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
1754396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1755396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
1756396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1757396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
1758396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1759396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1760396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1761396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
1762396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1763396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
1764396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1765396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
1766396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1767396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
1768396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1769396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
1770396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
1771396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
1772396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1773396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1774396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1775396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\profapi.dll
1776396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1777396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1778396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1779396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1780396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1781396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1782396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
1783396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1784396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1785396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll [redoing WinVerifyTrust]
1786396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1787396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\combase.dll
1788396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1789396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1790396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1791396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1792396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1793396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1794396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [redoing WinVerifyTrust]
1795396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1796396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\user32.dll
1797396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1798396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1799396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1800396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1801396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\gdi32.dll
1802396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1803396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1804396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
1805396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
1806396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
1807396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1808396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\umpdc.dll
1809396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1810396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1811396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1812396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1813396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll [redoing WinVerifyTrust]
1814396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1815396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\combase.dll
1816396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1817396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1818396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
1819396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1820396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1821396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1822396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1823396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1824396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1825396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\win32u.dll
1826396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1827396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1828396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [redoing WinVerifyTrust]
1829396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1830396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\user32.dll
1831396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1832396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1833396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1834396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1835396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\gdi32.dll
1836396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1837396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1838396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1839396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1840396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
1841396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1842396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1843396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1844396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1845396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\win32u.dll
1846396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1847396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1848396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1849396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1850396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
1851396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1852396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\kernel32.dll'
1853396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
1854396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
1855396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
1856396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
1857396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
1858396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
1859396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
1860396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
1861396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1862396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
1863396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
1864396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
1865396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
1866396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
1867396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
1868396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
1869396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
1870396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
1871396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1872396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
1873396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1874396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
1875396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1876396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
1877396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1878396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1879396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1880396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
1881396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1882396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
1883396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1884396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
1885396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1886396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
1887396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1888396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
1889396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
1890396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
1891396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
1892396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
1893396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
1894396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
1895396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
1896396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
1897396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
1898396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
1899396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1900396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
1901396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
1902396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
1903396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
1904396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
1905396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
1906396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
1907396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
1908396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
1909396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1910396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
1911396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1912396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
1913396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1914396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
1915396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1916396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1917396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1918396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
1919396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1920396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
1921396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1922396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
1923396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1924396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
1925396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1926396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
1927396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
1928396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
1929396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1930396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1931396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-string-l1-1-0'
1932396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
1933396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
1934396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
1935396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
1936396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
1937396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
1938396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
1939396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
1940396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1941396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
1942396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
1943396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
1944396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
1945396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
1946396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
1947396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
1948396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
1949396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
1950396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1951396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
1952396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1953396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
1954396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1955396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
1956396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1957396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1958396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1959396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
1960396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1961396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
1962396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
1963396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
1964396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
1965396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
1966396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
1967396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
1968396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
1969396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
1970396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
1971396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
1972396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
1973396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
1974396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
1975396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
1976396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
1977396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
1978396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
1979396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
1980396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
1981396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
1982396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
1983396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
1984396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
1985396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
1986396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
1987396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
1988396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
1989396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
1990396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
1991396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
1992396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
1993396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
1994396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1995396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1996396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
1997396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
1998396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
1999396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2000396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2001396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2002396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2003396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2004396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2005396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2006396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2007396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2008396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2009396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2010396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-datetime-l1-1-1'
2011396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2012396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2013396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2014396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2015396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2016396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2017396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2018396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2019396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2020396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2021396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2022396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2023396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2024396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2025396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2026396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2027396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2028396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2029396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2030396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2031396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2032396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2033396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2034396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2035396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2036396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2037396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2038396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2039396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2040396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2041396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2042396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2043396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2044396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2045396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2046396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2047396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2048396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2049396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2050396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2051396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2052396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2053396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2054396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2055396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2056396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2057396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2058396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2059396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2060396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2061396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2062396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2063396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2064396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2065396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2066396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2067396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2068396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2069396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2070396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2071396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2072396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2073396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2074396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2075396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2076396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2077396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2078396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2079396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2080396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2081396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2082396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2083396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2084396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2085396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2086396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2087396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2088396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2089396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-obsolete-l1-2-0'
2090396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2091396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2092396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2093396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2094396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2095396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2096396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2097396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2098396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2099396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2100396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2101396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2102396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2103396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2104396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2105396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2106396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2107396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2108396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2109396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2110396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2111396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2112396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2113396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2114396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2115396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2116396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2117396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2118396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2119396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2120396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2121396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2122396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2123396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2124396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2125396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2126396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2127396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2128396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2129396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2130396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2131396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2132396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2133396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2134396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2135396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2136396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2137396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2138396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2139396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2140396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2141396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2142396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2143396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2144396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2145396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2146396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2147396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2148396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2149396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2150396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2151396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2152396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2153396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2154396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2155396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2156396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2157396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2158396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2159396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2160396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2161396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2162396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2163396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2164396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2165396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2166396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\imm32.dll'.
2167396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
2168396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
2169396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\imm32.dll)
2170396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\imm32.dll
2171396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2172396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2173396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2174396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2175396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\win32u.dll
2176396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2177396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2178396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll [redoing WinVerifyTrust]
2179396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2180396c.3998: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume6\Windows\System32\user32.dll
2181396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2182396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb50160000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
2183396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
2184396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50160000 'C:\Windows\system32\IMM32.DLL'
2185396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\imm32.dll'.
2186396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rescheduled]
2187396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2188396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2189396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2190396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2191396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2192396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2193396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2194396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2195396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2196396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2197396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2198396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2199396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2200396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2201396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2202396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2203396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2204396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2205396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2206396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2207396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2208396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2209396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2210396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2211396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2212396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2213396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2214396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2215396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2216396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2217396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2218396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2219396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2220396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2221396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2222396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2223396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2224396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2225396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\imm32.dll'.
2226396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rescheduled]
2227396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2228396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2229396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2230396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2231396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2232396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2233396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2234396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2235396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2236396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2237396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2238396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2239396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2240396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2241396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2242396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2243396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2244396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2245396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2246396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2247396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2248396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2249396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2250396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2251396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2252396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2253396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2254396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2255396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2256396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2257396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2258396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2259396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2260396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2261396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2262396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2263396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2264396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2265396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
2266396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2267396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51420000 'C:\Windows\System32\ADVAPI32.DLL'
2268396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\imm32.dll'.
2269396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rescheduled]
2270396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'.
2271396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll' [rescheduled]
2272396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'.
2273396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll' [rescheduled]
2274396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'.
2275396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rescheduled]
2276396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'.
2277396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll' [rescheduled]
2278396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'.
2279396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll' [rescheduled]
2280396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'.
2281396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll' [rescheduled]
2282396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'.
2283396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rescheduled]
2284396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'.
2285396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll' [rescheduled]
2286396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'.
2287396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll' [rescheduled]
2288396c.3998: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume6\Windows\System32\glu32.dll'.
2289396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll' [rescheduled]
2290396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\mpr.dll'.
2291396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll' [rescheduled]
2292396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\shell32.dll'.
2293396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rescheduled]
2294396c.3998: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2295396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2296396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\win32u.dll'.
2297396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rescheduled]
2298396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'.
2299396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rescheduled]
2300396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\user32.dll'.
2301396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rescheduled]
2302396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'.
2303396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rescheduled]
2304396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\combase.dll'.
2305396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rescheduled]
2306396c.3998: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'.
2307396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rescheduled]
2308396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb20a80000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
2309396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2310396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2311396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\imm32.dll'
2312396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2313396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2314396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\windows.storage.dll'
2315396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2316396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2317396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\kernel.appcore.dll'
2318396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2319396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2320396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll'
2321396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2322396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2323396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\powrprof.dll'
2324396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2325396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2326396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\umpdc.dll'
2327396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2328396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2329396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\SHCore.dll'
2330396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2331396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2332396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll'
2333396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2334396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2335396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\gdi32full.dll'
2336396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2337396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2338396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\DXCore.dll'
2339396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume6\Windows\System32\glu32.dll
2340396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2341396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2342396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
2343396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2344396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2345396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\glu32.dll'
2346396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2347396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\glu32.dll'
2348396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2349396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2350396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\mpr.dll'
2351396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2352396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2353396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\shell32.dll'
2354396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2355396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
2356396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2357396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2358396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\win32u.dll'
2359396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2360396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2361396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\gdi32.dll'
2362396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2363396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2364396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\user32.dll'
2365396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2366396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2367396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll'
2368396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2369396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2370396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\combase.dll'
2371396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
2372396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2373396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2374396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2375396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll'
2376396c.3998: SUPR3HardenedMain: Calling TrustedMain (00007ffb20a816c0)...
2377396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2378396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2379396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2380396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2381396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2382396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2383396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2384396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2385396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2386396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2387396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2388396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2389396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2390396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2391396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2392396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2393396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2394396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2395396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2396396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2397396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2398396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2399396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2400396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2401396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
2402396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2403396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2404396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
2405396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2406396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2407396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2408396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2409396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2410396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
2411396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2412396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2413396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\imm32.dll
2414396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2415396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2416396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2417396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2418396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
2419396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2420396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2421396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2422396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2423396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb07300000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2424396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2425396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb07300000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2426396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000410 pwszName=\Device\HarddiskVolume6\Windows\System32\uxtheme.dll
2427396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2428396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2429396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
2430396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2431396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2432396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\uxtheme.dll'
2433396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2434396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2435396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2436396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2437396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\uxtheme.dll) WinVerifyTrust
2438396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
2439396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2440396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2441396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2442396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2443396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2444396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2445396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2446396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
2447396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4d070000 LB 0x00099000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2448396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
2449396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d070000 'C:\Windows\system32\uxtheme.dll'
2450396c.3998: \Device\HarddiskVolume6\Program Files (x86)\Stardock\Fences\FencesMenu64.dll: Owner is administrators group.
2451396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2452396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'userenv.dll'.
2453396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wtsapi32.dll'.
2454396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2455396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2456396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2457396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2458396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2459396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2460396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shlwapi.dll'.
2461396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
2462396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files (x86)\Stardock\Fences\FencesMenu64.dll) WinVerifyTrust
2463396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2464396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
2465396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
2466396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume6\Windows\System32\GdiPlus.dll
2467396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2468396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2469396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71E106999266D570D72511410FC5942DC35DB369
2470396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2471396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2472396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\GdiPlus.dll'
2473396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2474396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2475396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
2476396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
2477396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\GdiPlus.dll) WinVerifyTrust
2478396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\GdiPlus.dll
2479396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2480396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2481396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
2482396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2483396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2484396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2485396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2486396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2487396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
2488396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2489396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume6\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2490396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
2491396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2492396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2493396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
2494396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2495396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2496396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2497396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2498396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2499396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2500396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2501396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2502396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2503396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2504396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\user32.dll
2505396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2506396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2507396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2508396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2509396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2510396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wtsapi32.dll) WinVerifyTrust
2511396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wtsapi32.dll
2512396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2513396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume6\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2514396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2515396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2516396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2517396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2518396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2519396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
2520396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\userenv.dll) WinVerifyTrust
2521396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\userenv.dll
2522396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2523396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2524396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\profapi.dll
2525396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2526396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2527396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2528396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2529396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\userenv.dll
2530396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wtsapi32.dll
2531396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2532396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
2533396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'gdi32.dll'.
2534396c.3998: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll)
2535396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll
2536396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4ec40000 LB 0x00025000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0]
2537396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\userenv.dll
2538396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4b7d0000 LB 0x00013000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
2539396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wtsapi32.dll
2540396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb32a10000 LB 0x001a3000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\gdiplus.dll [fFlags=0x0]
2541396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll [avoiding WinVerifyTrust]
2542396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb0fc90000 LB 0x00153000 C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll [fFlags=0x0]
2543396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2544396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb0fc90000 'C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll'
2545396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006b0 pwszName=\Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll
2546396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2547396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2548396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71E106999266D570D72511410FC5942DC35DB369
2549396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2550396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2551396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2552396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2553396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2554396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2555396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2556396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2557396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0419~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll'
2558396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2559396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.18362.900_none_17a9acbe6da6f6e5\GdiPlus.dll'
2560396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50490000 'C:\Windows\system32\user32.dll'
2561396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
2562396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2563396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb514e0000 'C:\Windows\system32\shell32.dll'
2564396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
2565396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2566396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50f00000 'C:\Windows\system32\SHCore.dll'
2567396c.3998: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2568396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
2569396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
2570396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2571396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\system32\winmm.dll'
2572396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
2573396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2574396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\system32\winmm.dll'
2575396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
2576396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2577396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb514e0000 'C:\Windows\system32\shell32.dll'
2578396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\uxtheme.dll
2579396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2580396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4d070000 'C:\Windows\system32\uxtheme.dll'
2581396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
2582396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2583396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51420000 'C:\Windows\system32\advapi32.dll'
2584396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\userenv.dll
2585396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2586396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ec40000 'C:\Windows\system32\userenv.dll'
2587396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
2588396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2589396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\kernel32.dll'
2590396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb500b0000 LB 0x000a2000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
2591396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2592396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2593396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\clbcatq.dll)
2594396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\clbcatq.dll
2595396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2596396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2597396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2598396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2599396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
2600396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2601396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2602396c.31f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\clbcatq.dll'
2603396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2604396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2605396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2606396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2607396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2608396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2609396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2610396c.31f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2611396c.31f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
2612396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2613396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2614396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2615396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2616396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2617396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
2618396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2619396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2620396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\advapi32.dll
2621396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2622396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2623396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2624396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2625396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll
2626396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2627396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2628396c.31f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2629396c.31f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
2630396c.31f4: supR3HardenedDllNotificationCallback: load 00007ffaf85e0000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2631396c.31f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
2632396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf85e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2633396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2634396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2635396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2636396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2637396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2638396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2639396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2640396c.31f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2641396c.31f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2642396c.31f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2643396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2644396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2645396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2646396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2647396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2648396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2649396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2650396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ole32.dll
2651396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2652396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2653396c.31f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shlwapi.dll
2654396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2655396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2656396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2657396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2658396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2659396c.31f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2660396c.31f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2661396c.31f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2662396c.31f4: supR3HardenedDllNotificationCallback: load 00007ffb047f0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2663396c.31f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2664396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb047f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2665396c.31f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2666396c.31f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2667396c.31f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ffe0000 'C:\Windows\System32\oleaut32.dll'
2668396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\gdi32.dll
2669396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2670396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50d60000 'C:\Windows\system32\gdi32.dll'
2671396c.3b34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2672396c.3b34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2673396c.3b34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2674396c.3b34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2675396c.3b34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2676396c.3b34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2677396c.3b34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2678396c.3b34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2679396c.3b34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2680396c.3b34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2681396c.3b34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2682396c.3b34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2683396c.3b34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2684396c.3b34: supR3HardenedDllNotificationCallback: load 00007ffb3f330000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2685396c.3b34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2686396c.3b34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3f330000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2687396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb51bd0000 LB 0x00135000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
2688396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2689396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2690396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
2691396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2692396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
2693396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
2694396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msctf.dll)
2695396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msctf.dll
2696396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2697396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2698396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2699396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume6\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2700396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\imm32.dll
2701396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2702396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2703396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2704396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2705396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2706396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2707396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\oleaut32.dll
2708396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2709396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2710396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2711396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2712396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\msctf.dll'
2713396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a0 pwszName=\Device\HarddiskVolume6\Windows\System32\DataExchange.dll
2714396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2715396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2716396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF758F581E6ED4B195B000E1E88DA05815FF2C72
2717396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2718396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2719396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\DataExchange.dll'
2720396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2721396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2722396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2723396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
2724396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
2725396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
2726396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\DataExchange.dll) WinVerifyTrust
2727396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\DataExchange.dll
2728396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2729396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume6\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2730396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2731396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2732396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2733396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2734396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dcomp.dll) WinVerifyTrust
2735396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dcomp.dll
2736396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2737396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume6\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2738396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2739396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2740396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
2741396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2742396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2743396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll
2744396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2745396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\crypt32.dll
2746396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2747396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2748396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2749396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
2750396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
2751396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\d3d11.dll) WinVerifyTrust
2752396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\d3d11.dll
2753396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2754396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2755396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll
2756396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2757396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume6\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2758396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
2759396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2760396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2761396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2762396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2763396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\win32u.dll
2764396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2765396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume6\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2766396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2767396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2768396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2769396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2770396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dxgi.dll) WinVerifyTrust
2771396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dxgi.dll
2772396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2773396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2774396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2775396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2776396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2777396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2778396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2779396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\DataExchange.dll
2780396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\d3d11.dll
2781396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dcomp.dll
2782396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dxgi.dll
2783396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4da00000 LB 0x000eb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
2784396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dxgi.dll
2785396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4bf40000 LB 0x0025b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
2786396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\d3d11.dll
2787396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4c600000 LB 0x001dc000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
2788396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dcomp.dll
2789396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb1d680000 LB 0x0003a000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
2790396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\DataExchange.dll
2791396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50d60000 'C:\Windows\System32\gdi32.dll'
2792396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1d680000 'C:\Windows\system32\dataexchange.dll'
2793396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
2794396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2795396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
2796396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
2797396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\twinapi.appcore.dll)
2798396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\twinapi.appcore.dll
2799396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2800396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2801396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\rmclient.dll)
2802396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\rmclient.dll
2803396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4d5b0000 LB 0x00029000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
2804396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2805396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4d140000 LB 0x00261000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
2806396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2807396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2808396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2809396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2810396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2811396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2812396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2813396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
2814396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2815396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2816396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll
2817396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2818396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2819396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2820396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume6\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2821396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2822396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2823396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2824396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\rmclient.dll'
2825396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2826396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2827396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\twinapi.appcore.dll'
2828396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
2829396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2830396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50f00000 'C:\Windows\system32\Shcore.dll'
2831396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2832396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2833396c.3998: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
2834396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ntdll.dll) WinVerifyTrust
2835396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ntdll.dll
2836396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2837396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51e60000 'C:\Windows\System32\ntdll.dll'
2838396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2839396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
2840396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
2841396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
2842396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\TextInputFramework.dll)
2843396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\TextInputFramework.dll
2844396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2845396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2846396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
2847396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll)
2848396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll
2849396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2850396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll)
2851396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll
2852396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ntmarta.dll)
2853396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ntmarta.dll
2854396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2855396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2856396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2857396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\WinTypes.dll)
2858396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\WinTypes.dll
2859396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4dd60000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
2860396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2861396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4c850000 LB 0x000d4000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
2862396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2863396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4a6d0000 LB 0x00153000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
2864396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2865396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4aa30000 LB 0x0032a000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
2866396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2867396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb4a630000 LB 0x0009e000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
2868396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2869396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2870396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2871396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcryptprimitives.dll
2872396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2873396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2874396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2875396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2876396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll
2877396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2878396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2879396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2880396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume6\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2881396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
2882396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2883396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume6\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2884396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2885396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2886396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2887396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2888396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume6\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2889396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2890396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2891396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume6\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2892396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2893396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2894396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2895396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2896396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2897396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2898396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2899396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\WinTypes.dll'
2900396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2901396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2902396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\ntmarta.dll'
2903396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2904396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2905396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll'
2906396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2907396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2908396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll'
2909396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2910396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2911396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\TextInputFramework.dll'
2912396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2913396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2914396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50490000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2915396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2916396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2917396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50490000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2918396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2919396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2920396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50840000 'api-ms-win-core-com-l1-1-0.dll'
2921396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2922396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\iertutil.dll)
2923396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\iertutil.dll
2924396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb482d0000 LB 0x002a6000 C:\Windows\System32\iertutil.dll [fFlags=0x0]
2925396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
2926396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2927396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2928396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2929396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2930396c.3998: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\iertutil.dll'
2931396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msctf.dll
2932396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2933396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51bd0000 'C:\Windows\System32\MSCTF.dll'
2934396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50b80000 'C:\Windows\System32\ole32.dll'
2935396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4ffe0000 'C:\Windows\System32\OLEAUT32.dll'
2936396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll
2937396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2938396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2939396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
2940396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2941396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2942396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll'
2943396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2944396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2945396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2946396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2947396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2948396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll
2949396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2950396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume6\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2951396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d0 pwszName=\Device\HarddiskVolume6\Windows\System32\wbemcomn.dll
2952396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2953396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2954396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
2955396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2956396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2957396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\wbemcomn.dll'
2958396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2959396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2960396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2961396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2962396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wbemcomn.dll) WinVerifyTrust
2963396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wbemcomn.dll
2964396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2965396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2966396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
2967396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2968396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2969396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2970396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2971396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
2972396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2973396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2974396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll
2975396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2976396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2977396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2978396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll
2979396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbemcomn.dll
2980396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3e400000 LB 0x00084000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2981396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbemcomn.dll
2982396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3e490000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2983396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\wbemprox.dll
2984396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2985396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2986396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2987396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3e490000 'C:\Windows\system32\wbem\wbemprox.dll'
2988396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll
2989396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
2990396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
2991396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
2992396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
2993396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
2994396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll'
2995396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2996396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2997396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2998396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2999396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll
3000396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3001396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3002396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3003396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3004396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3005396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll
3006396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3da90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
3007396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\wbemsvc.dll
3008396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3da90000 'C:\Windows\system32\wbem\wbemsvc.dll'
3009396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
3010396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3011396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-l1-2-0.dll'
3012396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
3013396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3014396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
3015396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll
3016396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3017396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3018396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
3019396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3020396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3021396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll'
3022396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3023396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3024396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
3025396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
3026396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll
3027396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
3028396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume6\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
3029396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbemcomn.dll
3030396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3031396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3032396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3033396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll
3034396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3dab0000 LB 0x00101000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
3035396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wbem\fastprox.dll
3036396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3dab0000 'C:\Windows\system32\wbem\fastprox.dll'
3037396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b44 pwszName=\Device\HarddiskVolume6\Windows\System32\amsi.dll
3038396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3039396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3040396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
3041396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3042396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3043396c.3998: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\amsi.dll'
3044396c.3998: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3045396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3046396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
3047396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
3048396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\amsi.dll) WinVerifyTrust
3049396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\amsi.dll
3050396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3051396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume6\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3052396c.3998: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\userenv.dll
3053396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3054396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3055396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3056396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3057396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3058396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\amsi.dll
3059396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3d040000 LB 0x00015000 C:\Windows\System32\amsi.dll [fFlags=0x0]
3060396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\amsi.dll
3061396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3d040000 'C:\Windows\System32\amsi.dll'
3062396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3063396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3064396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3065396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3066396c.3998: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
3067396c.3998: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll) WinVerifyTrust
3068396c.3998: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll
3069396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3070396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3071396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3072396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3073396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3074396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3075396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3076396c.3998: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3077396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\ESET\ESET Security\eamsi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3078396c.3998: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll
3079396c.3998: supR3HardenedDllNotificationCallback: load 00007ffb3cfb0000 LB 0x0003b000 C:\Program Files\ESET\ESET Security\eamsi.dll [fFlags=0x0]
3080396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\ESET\ESET Security\eamsi.dll
3081396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3082396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3083396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-synch-l1-2-0'
3084396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3085396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3086396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-fibers-l1-1-1'
3087396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3088396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3089396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-synch-l1-2-0'
3090396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3091396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3092396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-fibers-l1-1-1'
3093396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
3094396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3095396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-l1-2-1'
3096396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
3097396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3098396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\kernel32.dll'
3099396c.3998: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll
3100396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3101396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'C:\Windows\System32\kernel32.dll'
3102396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
3103396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3104396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-string-l1-1-0'
3105396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
3106396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3107396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-datetime-l1-1-1'
3108396c.3998: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
3109396c.3998: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3110396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4edf0000 'api-ms-win-core-localization-obsolete-l1-2-0'
3111396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3cfb0000 'C:\Program Files\ESET\ESET Security\eamsi.dll'
3112396c.3998: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb51420000 'C:\Windows\System32\ADVAPI32.dll'
3113396c.c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3114396c.c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3115396c.c70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3116396c.c70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
3117396c.c70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3118396c.c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3119396c.c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3120396c.c70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3121396c.c70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3122396c.c70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3123396c.c70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3124396c.c70: supR3HardenedDllNotificationCallback: load 00007ffaf81b0000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
3125396c.c70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3126396c.c70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf81b0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3127396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3128396c.420: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3129396c.420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3130396c.420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3131396c.420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3132396c.420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3133396c.420: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3134396c.420: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
3135396c.420: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3136396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3137396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3138396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3139396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3140396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3141396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3142396c.420: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3143396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3144396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3145396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3146396c.420: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3147396c.420: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3148396c.420: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3149396c.420: supR3HardenedDllNotificationCallback: load 00007ffb41c90000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
3150396c.420: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3151396c.420: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41c90000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
3152396c.3718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3153396c.3718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3154396c.3718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3155396c.3718: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3156396c.3718: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
3157396c.3718: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3158396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3159396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3160396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3161396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3162396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3163396c.3718: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3164396c.3718: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll
3165396c.3718: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3166396c.3718: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3167396c.3718: supR3HardenedDllNotificationCallback: load 00007ffb41720000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
3168396c.3718: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3169396c.3718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41720000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
3170396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\shell32.dll
3171396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3172396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb514e0000 'C:\Windows\system32\Shell32.dll'
3173396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3174396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3175396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf81b0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3176396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3177396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3178396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3179396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3180396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3181396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3182396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
3183396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3184396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3185396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3186396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3187396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3188396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3189396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3190396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3191396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3192396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3193396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3194396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3195396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3196396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb416d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
3197396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3198396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb416d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
3199396c.1138: supR3HardenedDllNotificationCallback: Unload 00007ffb416d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
3200396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3201396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3202396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3203396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3204396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3205396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
3206396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
3207396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3208396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3209396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3210396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3211396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3212396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
3213396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD.dll
3214396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3215396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3216396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3217396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3218396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
3219396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\IPHLPAPI.DLL
3220396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3221396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3222396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3223396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3224396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
3225396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3226396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3227396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3228396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3229396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3230396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
3231396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
3232396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
3233396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\setupapi.dll) WinVerifyTrust
3234396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\setupapi.dll
3235396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3236396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3237396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3238396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3239396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3240396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume6\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3241396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\bcrypt.dll
3242396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3243396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3244396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
3245396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3246396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3247396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3248396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3249396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3250396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3251396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3252396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
3253396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3254396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3255396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3256396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3257396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3258396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3259396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3260396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3261396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3262396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3263396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3264396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3265396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
3266396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
3267396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3268396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3269396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3270396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3271396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3272396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3273396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3274396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3275396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3276396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3277396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3278396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3279396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\setupapi.dll
3280396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3281396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3282396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3283396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3284396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3285396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3286396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3287396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD.dll
3288396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3289396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3290396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\IPHLPAPI.DLL
3291396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb50fb0000 LB 0x00470000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
3292396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\setupapi.dll
3293396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb21ac0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3294396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3295396c.1138: supR3HardenedDllNotificationCallback: load 00007ffaed690000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3296396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3297396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb4e2a0000 LB 0x0003a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
3298396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\IPHLPAPI.DLL
3299396c.1138: supR3HardenedDllNotificationCallback: load 00007ffaedef0000 LB 0x009e6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3300396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD.dll
3301396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaedef0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
3302396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3303396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3304396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3305396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3306396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb416d0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
3307396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
3308396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb416d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
3309396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3310396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxC.dll
3311396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3312396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaf85e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
3313396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3314396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3315396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3316396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaed690000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
3317396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3318396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3319396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3320396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3321396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
3322396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3323396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3324396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3325396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3326396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3327396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3328396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3329396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb416b0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
3330396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
3331396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb416b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
3332396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3333396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3334396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3335396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3336396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
3337396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3338396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3339396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3340396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3341396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3342396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3343396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3344396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb41690000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
3345396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
3346396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41690000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
3347396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3348396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3349396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3350396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3351396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
3352396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3353396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3354396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3355396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3356396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3357396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3358396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3359396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb41670000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
3360396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
3361396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41670000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
3362396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3363396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3364396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3365396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3366396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
3367396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3368396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3369396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3370396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3371396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3372396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3373396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3374396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb41650000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3375396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
3376396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41650000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
3377396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3378396c.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3379396c.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3380396c.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3381396c.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3382396c.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3383396c.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3384396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3385396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3386396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3387396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3388396c.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3389396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3390396c.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3391396c.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3392396c.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3393396c.1de0: supR3HardenedDllNotificationCallback: load 00007ffb415f0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3394396c.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3395396c.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb415f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3396396c.26c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3397396c.26c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3398396c.26c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3399396c.26c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3400396c.26c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3401396c.26c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3402396c.26c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3403396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3404396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3405396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3406396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3407396c.26c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3408396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3409396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3410396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3411396c.26c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3412396c.26c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3413396c.26c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3414396c.26c8: supR3HardenedDllNotificationCallback: load 00007ffb41640000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3415396c.26c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3416396c.26c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb41640000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3417396c.26fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3418396c.26fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3419396c.26fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3420396c.26fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3421396c.26fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3422396c.26fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3423396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3424396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3425396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3426396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3427396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3428396c.26fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3429396c.26fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3430396c.26fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3431396c.26fc: supR3HardenedDllNotificationCallback: load 00007ffb3fe00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3432396c.26fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3433396c.26fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3fe00000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3434396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3435396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3436396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3437396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3438396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3439396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3440396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3441396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3442396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3443396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3444396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3445396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3446396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb3bc90000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3447396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3448396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bc90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
3449396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\IPHLPAPI.DLL
3450396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3451396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e2a0000 'C:\Windows\system32\Iphlpapi.dll'
3452396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3453396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3454396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\winnsi.dll)
3455396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\winnsi.dll
3456396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb51de0000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
3457396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\nsi.dll)
3458396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\nsi.dll
3459396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb31ee0000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
3460396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
3461396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3462396c.1138: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll)
3463396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll
3464396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb31ab0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
3465396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
3466396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3467396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
3468396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
3469396c.1138: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll)
3470396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll
3471396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb319e0000 LB 0x0001c000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
3472396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
3473396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
3474396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
3475396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dnsapi.dll)
3476396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dnsapi.dll
3477396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb4e2e0000 LB 0x000cb000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
3478396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
3479396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3480396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume6\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3481396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3482396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3483396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3484396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
3485396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3486396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume6\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3487396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3488396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3489396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3490396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
3491396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3492396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3493396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3494396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3495396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3496396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume6\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3497396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\nsi.dll [lacks WinVerifyTrust]
3498396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3499396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3500396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3501396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3502396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\dnsapi.dll'
3503396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f4c pwszName=\Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll
3504396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3505396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3506396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4046160B2B0DC0559D0AE96A25C912515D96829D
3507396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3508396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3509396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll'
3510396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3511396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\dhcpcsvc.dll'
3512396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f44 pwszName=\Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll
3513396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3514396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3515396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A4B35134FE83EA6C710EA68891208811F657FE
3516396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rsaenh.dll
3517396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3518396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3519396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3520396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll'
3521396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3522396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\dhcpcsvc6.dll'
3523396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3524396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3525396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\nsi.dll'
3526396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3527396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3528396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\winnsi.dll'
3529396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3530396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3531396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3532396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3533396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3534396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3535396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3536396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3537396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume6\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3538396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3539396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3540396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3541396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\devobj.dll) WinVerifyTrust
3542396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\devobj.dll
3543396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3544396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3545396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3546396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3547396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
3548396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3549396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3550396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\cfgmgr32.dll
3551396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3552396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3553396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\devobj.dll
3554396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb4eb20000 LB 0x0002a000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
3555396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\devobj.dll
3556396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb47780000 LB 0x00072000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
3557396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3558396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb47780000 'C:\Windows\System32\MMDevApi.dll'
3559396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000102c pwszName=\Device\HarddiskVolume6\Windows\System32\dsound.dll
3560396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3561396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3562396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
3563396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3564396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3565396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\dsound.dll'
3566396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3567396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3568396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3569396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dsound.dll) WinVerifyTrust
3570396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dsound.dll
3571396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3572396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3573396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3574396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3575396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3576396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcrt.dll
3577396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3578396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3579396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb3bbf0000 LB 0x00099000 C:\Windows\System32\dsound.dll [fFlags=0x0]
3580396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3581396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3582396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3583396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\System32\dsound.dll'
3584396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\System32\dsound.dll'
3585396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3586396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3587396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3588396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3589396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3590396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb47780000 'C:\Windows\System32\MMDEVAPI.DLL'
3591396c.1324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3592396c.1324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3593396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3594396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3595396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3596396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3597396c.1324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\AudioSes.dll) WinVerifyTrust
3598396c.1324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\AudioSes.dll
3599396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3600396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3601396c.1324: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3602396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3603396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3604396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3605396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3606396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3607396c.1324: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3608396c.1324: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msvcp_win.dll
3609396c.1324: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3610396c.1324: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\AudioSes.dll
3611396c.1324: supR3HardenedDllNotificationCallback: load 00007ffb47800000 LB 0x0015d000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
3612396c.1324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\AudioSes.dll
3613396c.1324: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb47800000 'C:\Windows\System32\AUDIOSES.DLL'
3614396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3615396c.1324: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3616396c.1324: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ResourcePolicyClient.dll)
3617396c.1324: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ResourcePolicyClient.dll
3618396c.1324: supR3HardenedDllNotificationCallback: load 00007ffb4d3b0000 LB 0x00014000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
3619396c.1324: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
3620396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3621396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3622396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\rpcrt4.dll
3623396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3624396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3625396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3626396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3627396c.1138: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\ResourcePolicyClient.dll'
3628396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3629396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3630396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3631396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b8 pwszName=\Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3632396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3633396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3634396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
3635396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3636396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3637396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\wdmaud.drv'
3638396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3639396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3640396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3641396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3642396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3643396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\wdmaud.drv) WinVerifyTrust
3644396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3645396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3646396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3647396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3648396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3649396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\avrt.dll) WinVerifyTrust
3650396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\avrt.dll
3651396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3652396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume6\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3653396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3654396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3655396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3656396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\ksuser.dll) WinVerifyTrust
3657396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\ksuser.dll
3658396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3659396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3660396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3661396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3662396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3663396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3664396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3665396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3666396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3667396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ksuser.dll
3668396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\avrt.dll
3669396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb1edf0000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
3670396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ksuser.dll
3671396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb4b240000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
3672396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\avrt.dll
3673396c.1138: supR3HardenedDllNotificationCallback: load 00007ffafff40000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
3674396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3675396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafff40000 'C:\Windows\System32\wdmaud.drv'
3676396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3677396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3678396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafff40000 'C:\Windows\System32\wdmaud.drv'
3679396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3680396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3681396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafff40000 'C:\Windows\System32\wdmaud.drv'
3682396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3683396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3684396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafff40000 'C:\Windows\System32\wdmaud.drv'
3685396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\wdmaud.drv
3686396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3687396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffafff40000 'C:\Windows\System32\wdmaud.drv'
3688396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010f0 pwszName=\Device\HarddiskVolume6\Windows\System32\msacm32.drv
3689396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3690396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3691396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
3692396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3693396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3694396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\msacm32.drv'
3695396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3696396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3697396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3698396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3699396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3700396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msacm32.drv) WinVerifyTrust
3701396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3702396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3703396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3704396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmmbase.dll
3705396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3706396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume6\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3707396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3708396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3709396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3710396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\msacm32.dll) WinVerifyTrust
3711396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\msacm32.dll
3712396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3713396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3714396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\MMDevAPI.dll
3715396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3716396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3717396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3718396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3719396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3720396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3721396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.dll
3722396c.1138: supR3HardenedDllNotificationCallback: load 00007ffaffed0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
3723396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.dll
3724396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb17cc0000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
3725396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3726396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3727396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3728396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3729396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3730396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3731396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3732396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3733396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3734396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3735396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3736396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3737396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3738396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3739396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3740396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3741396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3742396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\msacm32.drv
3743396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3744396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3745396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3746396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3747396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb17cc0000 'C:\Windows\System32\msacm32.drv'
3748396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000110c pwszName=\Device\HarddiskVolume6\Windows\System32\midimap.dll
3749396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3750396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3751396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
3752396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3753396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3754396c.1138: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\midimap.dll'
3755396c.1138: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3756396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3757396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3758396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\midimap.dll) WinVerifyTrust
3759396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\midimap.dll
3760396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3761396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume6\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3762396c.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3763396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3764396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3765396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3766396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\midimap.dll
3767396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb11d30000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
3768396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\midimap.dll
3769396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11d30000 'C:\Windows\System32\midimap.dll'
3770396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\midimap.dll
3771396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3772396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11d30000 'C:\Windows\System32\midimap.dll'
3773396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\midimap.dll
3774396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3775396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11d30000 'C:\Windows\System32\midimap.dll'
3776396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\midimap.dll
3777396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3778396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb11d30000 'C:\Windows\System32\midimap.dll'
3779396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3780396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3781396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3782396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3783396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3784396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3785396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3786396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3787396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3788396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3789396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3790396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3791396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3792396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3793396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
3794396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
3795396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
3796396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\d3d9.dll) WinVerifyTrust
3797396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\d3d9.dll
3798396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
3799396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume6\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
3800396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3801396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3802396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3803396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
3804396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
3805396c.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
3806396c.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\dwmapi.dll) WinVerifyTrust
3807396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
3808396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3809396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3810396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3811396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3812396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3813396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3814396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3815396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3816396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3817396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume6\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3818396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3819396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3820396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3821396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3822396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3823396c.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3824396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3825396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\d3d9.dll
3826396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
3827396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb4d4a0000 LB 0x0002d000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
3828396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dwmapi.dll
3829396c.1138: supR3HardenedDllNotificationCallback: load 00007ffb3a8a0000 LB 0x001c7000 C:\Windows\system32\d3d9.dll [fFlags=0x0]
3830396c.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\d3d9.dll
3831396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3a8a0000 'C:\Windows\system32\d3d9.dll'
3832396c.1138: \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll: Owner is administrators group.
3833396c.1138: \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5eefd0b2; retrying against current time: 0x5f0507c5.
3834396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3835396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3836396c.1138: supHardenedWinVerifyImageByHandle: -> -23033 (\Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll) WinVerifyTrust
3837396c.1138: Error (rc=0):
3838396c.1138: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23033 (0xffffa607) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll: Certificate is not valid (ValidTime=2020-06-21T21:27:51.000000000Z Validity=[2018-07-18T17:42:53.000000000Z...2019-07-18T17:42:53.000000000Z]): \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3839396c.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3840396c.1138: Error (rc=0):
3841396c.1138: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll' (C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll): rcNt=0xc0000190
3842396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll'
3843396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50d60000 'C:\Windows\System32\gdi32.dll'
3844396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -23033 (0xffffa607)) on \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3845396c.1138: Error (rc=0):
3846396c.1138: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -23033 (0xffffa607) fImage=1 fProtect=0x2 fAccess=0x5 cHits=1 \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3847396c.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -23033 (0xffffa607)) on \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3848396c.1138: Error (rc=0):
3849396c.1138: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -23033 (0xffffa607) fImage=1 fProtect=0x2 fAccess=0x5 cHits=2 \Device\HarddiskVolume6\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ccad5caddc3a3d35\nvldumdx.dll
3850396c.24f4: '\Device\HarddiskVolume6\Windows\System32\tzres.dll' has no imports
3851396c.24f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume6\Windows\System32\tzres.dll)
3852396c.24f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\tzres.dll
3853396c.24f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001324 (hFile=000000000000131c) with 0xc0000022 -> STATUS_TRUST_FAILURE
3854396c.24f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume6\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
3855396c.24f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000131c (hFile=0000000000001324) with 0xc0000022 -> STATUS_TRUST_FAILURE
3856396c.1150: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001320 pwszName=\Device\HarddiskVolume6\Windows\System32\tzres.dll
3857396c.1150: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000e98890
3858396c.1150: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000e98890
3859396c.1150: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=88837B0A9EBB242B4E4FB904A333C960EF93AE6F
3860396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
3861396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
3862396c.1150: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.900.cat'; file='\Device\HarddiskVolume6\Windows\System32\tzres.dll'
3863396c.1150: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3864396c.1150: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume6\Windows\System32\tzres.dll'
3865396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3866396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3867396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3868396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3869396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3870396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3871396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3872396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3873396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3874396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3875396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3876396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3877396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3878396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3879396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3880396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3881396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3882396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3883396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3884396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3885396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3886396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3887396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3888396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3889396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3890396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3891396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3892396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3893396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3894396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3895396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3896396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3897396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3898396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3899396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3900396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3901396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3902396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3903396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3904396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3905396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3906396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3907396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3908396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3909396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3910396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3911396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3912396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3913396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3914396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3915396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3916396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3917396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
3918396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3919396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3920396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3921396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3922396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3923396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3924396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3925396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3926396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3927396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3928396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3929396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3930396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3931396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3932396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3933396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3934396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3935396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3936396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3937396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3938396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3939396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3940396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
3941396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3942396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3943396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3944396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3945396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3946396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3947396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3948396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3949396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3950396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3951396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3952396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3953396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3954396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3955396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3956396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3957396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3958396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3959396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3960396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3961396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3962396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3963396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3964396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3965396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3966396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3967396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3968396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3969396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3970396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3971396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3972396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3973396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3974396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3975396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3976396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3977396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3978396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3979396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3980396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3981396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3982396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3983396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3984396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3985396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3986396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3987396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3988396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3989396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3990396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3991396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3992396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3993396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
3994396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3995396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3996396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3997396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3998396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
3999396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
4000396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4001396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4002396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4003396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4004396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4005396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
4006396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4007396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4008396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4009396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4010396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4011396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
4012396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4013396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4014396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4015396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4016396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4017396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\dsound.dll
4018396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4019396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
4020396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4021396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\winmm.dll
4022396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4023396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4024396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4025396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4026396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4027396c.24f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
4028396c.24f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
4029396c.24f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
4030396c.24f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
4031396c.24f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\mswsock.dll) WinVerifyTrust
4032396c.24f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\mswsock.dll
4033396c.24f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4034396c.24f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4035396c.24f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
4036396c.24f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume6\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
4037396c.24f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\ws2_32.dll
4038396c.24f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4039396c.24f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\mswsock.dll
4040396c.24f4: supR3HardenedDllNotificationCallback: load 00007ffb4e590000 LB 0x00067000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
4041396c.24f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\mswsock.dll
4042396c.24f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e590000 'C:\Windows\system32\mswsock.dll'
4043396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb3bbf0000 'C:\Windows\system32\dsound.dll'
4044396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4045396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4046396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4047396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4048396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4c810000 'C:\Windows\System32\winmm.dll'
4049396c.420: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50490000 'C:\Windows\system32\User32.dll'
4050396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
4051396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
4052396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4053396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
4054396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
4055396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
4056396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'textinputframework.dll'.
4057396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'inputhost.dll'.
4058396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
4059396c.1150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\Windows.UI.dll) WinVerifyTrust
4060396c.1150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\Windows.UI.dll
4061396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4062396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume6\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4063396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
4064396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume6\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
4065396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
4066396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
4067396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
4068396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'coremessaging.dll'.
4069396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'coreuicomponents.dll'.
4070396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'propsys.dll'.
4071396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'shcore.dll'.
4072396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'win32u.dll'.
4073396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
4074396c.1150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\InputHost.dll) WinVerifyTrust
4075396c.1150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\InputHost.dll
4076396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
4077396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume6\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
4078396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\TextInputFramework.dll
4079396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
4080396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume6\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
4081396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
4082396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4083396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4084396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\combase.dll
4085396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4086396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4087396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4088396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4089396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4090396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume6\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4091396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
4092396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume6\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
4093396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
4094396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume6\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
4095396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\SHCore.dll
4096396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
4097396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume6\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
4098396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4e100000 'C:\Windows\system32\rsaenh.dll'
4099396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4fd40000 'C:\Windows\System32\crypt32.dll'
4100396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
4101396c.1150: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
4102396c.1150: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\propsys.dll) WinVerifyTrust
4103396c.1150: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\propsys.dll
4104396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
4105396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume6\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
4106396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreUIComponents.dll
4107396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
4108396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume6\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
4109396c.1150: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\CoreMessaging.dll
4110396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
4111396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume6\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
4112396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4113396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume6\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4114396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
4115396c.1150: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume6\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
4116396c.1150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
4117396c.1150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\Windows.UI.dll
4118396c.1150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\InputHost.dll
4119396c.1150: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\propsys.dll
4120396c.1150: supR3HardenedDllNotificationCallback: load 00007ffb4b6b0000 LB 0x000f0000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
4121396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\propsys.dll
4122396c.1150: supR3HardenedDllNotificationCallback: load 00007ffb4a510000 LB 0x0011b000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
4123396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\InputHost.dll
4124396c.1150: supR3HardenedDllNotificationCallback: load 00007ffb4a830000 LB 0x00151000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
4125396c.1150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\Windows.UI.dll
4126396c.1150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4a830000 'C:\Windows\System32\Windows.UI.dll'
4127396c.25b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\avrt.dll
4128396c.25b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4129396c.25b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb4b240000 'C:\Windows\System32\avrt.dll'
4130396c.1138: KiUserExceptionDispatcher: 0xc0000005 (0000000000000000, 0000000000000000) @ 00007ffaedf7f43c (flags=0x0)
4131 rax=0000000000000020 rbx=0000000000000000 rcx=0000000000000000 rdx=0000000000000020
4132 rsi=0000000000000000 rdi=0000000007304e10 r8 =0000000000000016 r9 =0000000000000016
4133 r10=000000000b5af178 r11=0000000006f0092b r12=0000000007304e10 r13=000000000f870140
4134 r14=000000000f890000 r15=0000000000000000 P1=0000000000000030 P2=0000000000da0d80
4135 rip=00007ffaedf7f43c rsp=000000000b5af0a0 rbp=0000000000000016 ctxflags=0010005f
4136 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010246 mxcrx=00001fa0
4137 P3=0000000000000030 P4=0000000000000000 P5=0000000000000028 P6=0000000000000000
4138 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
4139 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000029 dcr=000000000b5af040
4140 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4141396c.1138: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
4142396c.1138: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4143396c.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb50330000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
4144fbc.10ac: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 78904 ms, the end);
41453b0c.3b68: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 79587 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy