VirtualBox

Ticket #19324: VBoxHardening - Audio Crash 2.log

File VBoxHardening - Audio Crash 2.log, 477.9 KB (added by Mark Cranness, 5 years ago)

Hardening log associated with crash

Line 
1a9c.2fd8: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000094 g_uNtVerCombined=0xa047ba00
2a9c.2fd8: \SystemRoot\System32\ntdll.dll:
3a9c.2fd8: CreationTime: 2020-03-11T07:58:50.504082000Z
4a9c.2fd8: LastWriteTime: 2020-03-11T07:58:50.530434200Z
5a9c.2fd8: ChangeTime: 2020-03-16T01:14:28.400788500Z
6a9c.2fd8: FileAttributes: 0x20
7a9c.2fd8: Size: 0x1e8450
8a9c.2fd8: NT Headers: 0xd8
9a9c.2fd8: Timestamp: 0x64d10ee0
10a9c.2fd8: Machine: 0x8664 - amd64
11a9c.2fd8: Timestamp: 0x64d10ee0
12a9c.2fd8: Image Version: 10.0
13a9c.2fd8: SizeOfImage: 0x1f0000 (2031616)
14a9c.2fd8: Resource Dir: 0x17f000 LB 0x6f310
15a9c.2fd8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16a9c.2fd8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17a9c.2fd8: ProductName: Microsoft® Windows® Operating System
18a9c.2fd8: ProductVersion: 10.0.18362.719
19a9c.2fd8: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
20a9c.2fd8: FileDescription: NT Layer DLL
21a9c.2fd8: \SystemRoot\System32\kernel32.dll:
22a9c.2fd8: CreationTime: 2019-09-10T22:39:29.514755700Z
23a9c.2fd8: LastWriteTime: 2019-09-10T22:39:29.527443800Z
24a9c.2fd8: ChangeTime: 2020-03-11T07:59:19.988041300Z
25a9c.2fd8: FileAttributes: 0x20
26a9c.2fd8: Size: 0xb0570
27a9c.2fd8: NT Headers: 0xe8
28a9c.2fd8: Timestamp: 0xd0cecc10
29a9c.2fd8: Machine: 0x8664 - amd64
30a9c.2fd8: Timestamp: 0xd0cecc10
31a9c.2fd8: Image Version: 10.0
32a9c.2fd8: SizeOfImage: 0xb2000 (729088)
33a9c.2fd8: Resource Dir: 0xb0000 LB 0x520
34a9c.2fd8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35a9c.2fd8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36a9c.2fd8: ProductName: Microsoft® Windows® Operating System
37a9c.2fd8: ProductVersion: 10.0.18362.329
38a9c.2fd8: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
39a9c.2fd8: FileDescription: Windows NT BASE API Client DLL
40a9c.2fd8: \SystemRoot\System32\KernelBase.dll:
41a9c.2fd8: CreationTime: 2020-03-11T07:58:50.954017800Z
42a9c.2fd8: LastWriteTime: 2020-03-11T07:58:50.998913800Z
43a9c.2fd8: ChangeTime: 2020-03-16T01:14:27.697829200Z
44a9c.2fd8: FileAttributes: 0x20
45a9c.2fd8: Size: 0x2a3e38
46a9c.2fd8: NT Headers: 0xf0
47a9c.2fd8: Timestamp: 0xb31987d3
48a9c.2fd8: Machine: 0x8664 - amd64
49a9c.2fd8: Timestamp: 0xb31987d3
50a9c.2fd8: Image Version: 10.0
51a9c.2fd8: SizeOfImage: 0x2a3000 (2764800)
52a9c.2fd8: Resource Dir: 0x27d000 LB 0x548
53a9c.2fd8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54a9c.2fd8: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55a9c.2fd8: ProductName: Microsoft® Windows® Operating System
56a9c.2fd8: ProductVersion: 10.0.18362.719
57a9c.2fd8: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
58a9c.2fd8: FileDescription: Windows NT BASE API Client DLL
59a9c.2fd8: \SystemRoot\System32\apisetschema.dll:
60a9c.2fd8: CreationTime: 2019-03-19T04:43:54.837151500Z
61a9c.2fd8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
62a9c.2fd8: ChangeTime: 2020-03-11T07:59:19.976329300Z
63a9c.2fd8: FileAttributes: 0x20
64a9c.2fd8: Size: 0x1d028
65a9c.2fd8: NT Headers: 0xc8
66a9c.2fd8: Timestamp: 0xd6ced080
67a9c.2fd8: Machine: 0x8664 - amd64
68a9c.2fd8: Timestamp: 0xd6ced080
69a9c.2fd8: Image Version: 10.0
70a9c.2fd8: SizeOfImage: 0x1e000 (122880)
71a9c.2fd8: Resource Dir: 0x1d000 LB 0x408
72a9c.2fd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73a9c.2fd8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74a9c.2fd8: ProductName: Microsoft® Windows® Operating System
75a9c.2fd8: ProductVersion: 10.0.18362.1
76a9c.2fd8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
77a9c.2fd8: FileDescription: ApiSet Schema DLL
78a9c.2fd8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79a9c.2fd8: supR3HardenedWinFindAdversaries: 0x80
80a9c.2fd8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
81a9c.2fd8: CreationTime: 2018-09-06T04:58:57.414771000Z
82a9c.2fd8: LastWriteTime: 2018-09-27T21:40:37.008033600Z
83a9c.2fd8: ChangeTime: 2019-08-11T01:35:40.506356200Z
84a9c.2fd8: FileAttributes: 0x20
85a9c.2fd8: Size: 0x3f520
86a9c.2fd8: NT Headers: 0xf8
87a9c.2fd8: Timestamp: 0x5b568210
88a9c.2fd8: Machine: 0x8664 - amd64
89a9c.2fd8: Timestamp: 0x5b568210
90a9c.2fd8: Image Version: 10.0
91a9c.2fd8: SizeOfImage: 0x41000 (266240)
92a9c.2fd8: Resource Dir: 0x3f000 LB 0x3b8
93a9c.2fd8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
94a9c.2fd8: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
95a9c.2fd8: ProductName: Malwarebytes SwissArmy
96a9c.2fd8: ProductVersion: 4.3.0.161
97a9c.2fd8: FileVersion: 4.3.0.161
98a9c.2fd8: FileDescription: Malwarebytes SwissArmy
99a9c.2fd8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
100a9c.2fd8: Calling main()
101a9c.2fd8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
102a9c.2fd8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
103a9c.2fd8: SUPR3HardenedMain: Respawn #1
104a9c.2fd8: System32: \Device\HarddiskVolume4\Windows\System32
105a9c.2fd8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
106a9c.2fd8: KnownDllPath: C:\WINDOWS\System32
107a9c.2fd8: supR3HardenedWinInit: Performing a limited self purification...
108a9c.2fd8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
109a9c.2fd8: *0000000000000000-00000000003dffff 0x0001/0x0000 0x0000000
110a9c.2fd8: *00000000003e0000-00000000003effff 0x0004/0x0004 0x0040000
111a9c.2fd8: 00000000003f0000-00000000003fffff 0x0001/0x0000 0x0000000
112a9c.2fd8: *0000000000400000-000000000058bfff 0x0000/0x0004 0x0020000
113a9c.2fd8: 000000000058c000-000000000058efff 0x0004/0x0004 0x0020000
114a9c.2fd8: 000000000058f000-00000000005fffff 0x0000/0x0004 0x0020000
115a9c.2fd8: *0000000000600000-000000000061afff 0x0002/0x0002 0x0040000
116a9c.2fd8: 000000000061b000-000000000061ffff 0x0001/0x0000 0x0000000
117a9c.2fd8: *0000000000620000-00000000006d0fff 0x0000/0x0004 0x0020000
118a9c.2fd8: 00000000006d1000-00000000006d3fff 0x0104/0x0004 0x0020000
119a9c.2fd8: 00000000006d4000-000000000071ffff 0x0004/0x0004 0x0020000
120a9c.2fd8: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
121a9c.2fd8: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
122a9c.2fd8: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
123a9c.2fd8: 0000000000732000-000000000073ffff 0x0001/0x0000 0x0000000
124a9c.2fd8: *0000000000740000-0000000000806fff 0x0002/0x0002 0x0040000
125a9c.2fd8: 0000000000807000-000000000080ffff 0x0001/0x0000 0x0000000
126a9c.2fd8: *0000000000810000-0000000000810fff 0x0004/0x0004 0x0020000
127a9c.2fd8: 0000000000811000-0000000000841fff 0x0000/0x0004 0x0020000
128a9c.2fd8: 0000000000842000-000000000086ffff 0x0001/0x0000 0x0000000
129a9c.2fd8: *0000000000870000-0000000000880fff 0x0004/0x0004 0x0020000
130a9c.2fd8: 0000000000881000-000000000096ffff 0x0000/0x0004 0x0020000
131a9c.2fd8: *0000000000970000-0000000000971fff 0x0004/0x0004 0x0020000
132a9c.2fd8: 0000000000972000-00000000009a1fff 0x0000/0x0004 0x0020000
133a9c.2fd8: 00000000009a2000-00000000009affff 0x0001/0x0000 0x0000000
134a9c.2fd8: *00000000009b0000-00000000009ccfff 0x0004/0x0004 0x0020000
135a9c.2fd8: 00000000009cd000-0000000000aaffff 0x0000/0x0004 0x0020000
136a9c.2fd8: 0000000000ab0000-0000000000b4ffff 0x0001/0x0000 0x0000000
137a9c.2fd8: *0000000000b50000-0000000000b5efff 0x0004/0x0004 0x0020000
138a9c.2fd8: 0000000000b5f000-0000000000b5ffff 0x0000/0x0004 0x0020000
139a9c.2fd8: *0000000000b60000-0000000000b6efff 0x0000/0x0004 0x0020000
140a9c.2fd8: 0000000000b6f000-0000000000d5ffff 0x0004/0x0004 0x0020000
141a9c.2fd8: 0000000000d60000-0000000000d60fff 0x0000/0x0004 0x0020000
142a9c.2fd8: 0000000000d61000-000000007ffdffff 0x0001/0x0000 0x0000000
143a9c.2fd8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
144a9c.2fd8: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
145a9c.2fd8: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
146a9c.2fd8: 000000007ffe5000-00007ff42d3fffff 0x0001/0x0000 0x0000000
147a9c.2fd8: *00007ff42d400000-00007ff42d404fff 0x0002/0x0002 0x0040000
148a9c.2fd8: 00007ff42d405000-00007ff42d4fffff 0x0000/0x0002 0x0040000
149a9c.2fd8: *00007ff42d500000-00007ff52d51ffff 0x0000/0x0004 0x0020000
150a9c.2fd8: *00007ff52d520000-00007ff52f51ffff 0x0000/0x0004 0x0020000
151a9c.2fd8: 00007ff52f520000-00007ff52f520fff 0x0004/0x0004 0x0020000
152a9c.2fd8: 00007ff52f521000-00007ff52f52ffff 0x0001/0x0000 0x0000000
153a9c.2fd8: *00007ff52f530000-00007ff52f530fff 0x0002/0x0002 0x0040000
154a9c.2fd8: 00007ff52f531000-00007ff52f53ffff 0x0001/0x0000 0x0000000
155a9c.2fd8: *00007ff52f540000-00007ff52f562fff 0x0002/0x0002 0x0040000
156a9c.2fd8: 00007ff52f563000-00007ff65c68ffff 0x0001/0x0000 0x0000000
157a9c.2fd8: *00007ff65c690000-00007ff65c690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
158a9c.2fd8: 00007ff65c691000-00007ff65c706fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
159a9c.2fd8: 00007ff65c707000-00007ff65c707fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
160a9c.2fd8: 00007ff65c708000-00007ff65c74ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
161a9c.2fd8: 00007ff65c750000-00007ff65c752fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
162a9c.2fd8: 00007ff65c753000-00007ff65c755fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
163a9c.2fd8: 00007ff65c756000-00007ff65c758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
164a9c.2fd8: 00007ff65c759000-00007ff65c759fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
165a9c.2fd8: 00007ff65c75a000-00007ff65c75bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
166a9c.2fd8: 00007ff65c75c000-00007ff65c75cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
167a9c.2fd8: 00007ff65c75d000-00007ff65c7a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
168a9c.2fd8: 00007ff65c7a6000-00007ffecff9ffff 0x0001/0x0000 0x0000000
169a9c.2fd8: *00007ffecffa0000-00007ffecffa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
170a9c.2fd8: 00007ffecffa1000-00007ffecffedfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
171a9c.2fd8: 00007ffecffee000-00007ffed000ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
172a9c.2fd8: 00007ffed0010000-00007ffed0012fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
173a9c.2fd8: 00007ffed0013000-00007ffed002efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apphelp.dll
174a9c.2fd8: 00007ffed002f000-00007ffed1fbffff 0x0001/0x0000 0x0000000
175a9c.2fd8: *00007ffed1fc0000-00007ffed1fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
176a9c.2fd8: 00007ffed1fc1000-00007ffed20c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
177a9c.2fd8: 00007ffed20c6000-00007ffed2227fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
178a9c.2fd8: 00007ffed2228000-00007ffed222bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
179a9c.2fd8: 00007ffed222c000-00007ffed222cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
180a9c.2fd8: 00007ffed222d000-00007ffed2262fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
181a9c.2fd8: 00007ffed2263000-00007ffed388ffff 0x0001/0x0000 0x0000000
182a9c.2fd8: *00007ffed3890000-00007ffed3890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
183a9c.2fd8: 00007ffed3891000-00007ffed3905fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
184a9c.2fd8: 00007ffed3906000-00007ffed3937fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
185a9c.2fd8: 00007ffed3938000-00007ffed3938fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
186a9c.2fd8: 00007ffed3939000-00007ffed3939fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
187a9c.2fd8: 00007ffed393a000-00007ffed3941fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
188a9c.2fd8: 00007ffed3942000-00007ffed4efffff 0x0001/0x0000 0x0000000
189a9c.2fd8: *00007ffed4f00000-00007ffed4f00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
190a9c.2fd8: 00007ffed4f01000-00007ffed5017fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
191a9c.2fd8: 00007ffed5018000-00007ffed505efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
192a9c.2fd8: 00007ffed505f000-00007ffed505ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
193a9c.2fd8: 00007ffed5060000-00007ffed5061fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
194a9c.2fd8: 00007ffed5062000-00007ffed506afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
195a9c.2fd8: 00007ffed506b000-00007ffed50effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
196a9c.2fd8: 00007ffed50f0000-00007ffffffeffff 0x0001/0x0000 0x0000000
197a9c.2fd8: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
198a9c.2fd8: kernelbase.dll: timestamp 0xb31987d3 (rc=VINF_SUCCESS)
199a9c.2fd8: apphelp.dll: timestamp 0xff74693c (rc=VINF_SUCCESS)
200a9c.2fd8: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
201a9c.2fd8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
202a9c.2fd8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
203a9c.2fd8: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
204a9c.2fd8: 00007ffecffefe98 / 0x004fe98: 60 != e0
205a9c.2fd8: 00007ffecffefe99 / 0x004fe99: e2 != ed
206a9c.2fd8: 00007ffecffefe9a / 0x004fe9a: 03 != 8a
207a9c.2fd8: 00007ffecffefe9b / 0x004fe9b: d2 != d3
208a9c.2fd8: 00007ffecffefea0 / 0x004fea0: d0 != 50
209a9c.2fd8: 00007ffecffefea1 / 0x004fea1: 0a != 5e
210a9c.2fd8: 00007ffecffefea2 / 0x004fea2: 01 != 8a
211a9c.2fd8: 00007ffecffefea3 / 0x004fea3: d2 != d3
212a9c.2fd8: 00007ffecffefea8 / 0x004fea8: d0 != b0
213a9c.2fd8: 00007ffecffefea9 / 0x004fea9: 48 != 1d
214a9c.2fd8: 00007ffecffefeaa / 0x004feaa: 02 != 8b
215a9c.2fd8: 00007ffecffefeab / 0x004feab: d2 != d3
216a9c.2fd8: 00007ffecffefeb0 / 0x004feb0: 20 != 50
217a9c.2fd8: 00007ffecffefeb1 / 0x004feb1: a8 != b7
218a9c.2fd8: 00007ffecffefeb2 / 0x004feb2: 02 != 8a
219a9c.2fd8: 00007ffecffefeb3 / 0x004feb3: d2 != d3
220a9c.2fd8: 00007ffecffefeb8 / 0x004feb8: 90 != c0
221a9c.2fd8: 00007ffecffefeb9 / 0x004feb9: 23 != 1d
222a9c.2fd8: 00007ffecffefeba / 0x004feba: 02 != 8b
223a9c.2fd8: 00007ffecffefebb / 0x004febb: d2 != d3
224a9c.2fd8: 00007ffecffefec0 / 0x004fec0: 60 != 40
225a9c.2fd8: 00007ffecffefec1 / 0x004fec1: bd != be
226a9c.2fd8: 00007ffecffefec2 / 0x004fec2: 01 != 8a
227a9c.2fd8: 00007ffecffefec3 / 0x004fec3: d2 != d3
228a9c.2fd8: 00007ffecffefec8 / 0x004fec8: 80 != 60
229a9c.2fd8: 00007ffecffefec9 / 0x004fec9: 67 != a1
230a9c.2fd8: 00007ffecffefeca / 0x004feca: 02 != 8a
231a9c.2fd8: 00007ffecffefecb / 0x004fecb: d2 != d3
232a9c.2fd8: 00007ffecffefed8 / 0x004fed8: e0 != a0
233a9c.2fd8: 00007ffecffefed9 / 0x004fed9: 72 != a1
234a9c.2fd8: 00007ffecffefeda / 0x004feda: fe != 8a
235a9c.2fd8: 00007ffecffefedb / 0x004fedb: d1 != d3
236a9c.2fd8: Restored 0x2000 bytes of original file content at 00007ffecffee000
237a9c.2fd8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=1
238a9c.2fd8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
239a9c.2fd8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
240a9c.2fd8: supR3HardNtEnableThreadCreationEx:
241a9c.2fd8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed4f717f0 pvNtTerminateThread=00007ffed4f9cb10
242a9c.2fd8: supR3HardenedWinDoReSpawn(1): New child e78.26bc [kernel32].
243a9c.2fd8: supR3HardNtChildGatherData: PebBaseAddress=0000000000882000 cbPeb=0x388
244a9c.2fd8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed4f00000 uNtDllChildAddr=00007ffed4f00000
245a9c.2fd8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed4f717f0
246a9c.2fd8: supR3HardenedWinSetupChildInit: Initial context:
247 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65c697900 rdx=0000000000882000
248 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
249 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
250 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
251 rip=00007ffed4f6ceb0 rsp=00000000007cff58 rbp=0000000000000000 ctxflags=0010001b
252 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
253 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
254 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
255 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
256 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
257a9c.2fd8: supR3HardenedWinSetupChildInit: Start child.
258a9c.2fd8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
259a9c.2fd8: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
260a9c.2fd8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
261a9c.2fd8: *0000000000000000-000000000068ffff 0x0001/0x0000 0x0000000
262a9c.2fd8: *0000000000690000-00000000006affff 0x0004/0x0004 0x0020000
263a9c.2fd8: *00000000006b0000-00000000006cafff 0x0002/0x0002 0x0040000
264a9c.2fd8: 00000000006cb000-00000000006cffff 0x0001/0x0000 0x0000000
265a9c.2fd8: *00000000006d0000-00000000007cafff 0x0000/0x0004 0x0020000
266a9c.2fd8: 00000000007cb000-00000000007cdfff 0x0104/0x0004 0x0020000
267a9c.2fd8: 00000000007ce000-00000000007cffff 0x0004/0x0004 0x0020000
268a9c.2fd8: *00000000007d0000-00000000007d3fff 0x0002/0x0002 0x0040000
269a9c.2fd8: 00000000007d4000-00000000007dffff 0x0001/0x0000 0x0000000
270a9c.2fd8: *00000000007e0000-00000000007e1fff 0x0004/0x0004 0x0020000
271a9c.2fd8: 00000000007e2000-00000000007fffff 0x0001/0x0000 0x0000000
272a9c.2fd8: *0000000000800000-0000000000881fff 0x0000/0x0004 0x0020000
273a9c.2fd8: 0000000000882000-0000000000884fff 0x0004/0x0004 0x0020000
274a9c.2fd8: 0000000000885000-00000000009fffff 0x0000/0x0004 0x0020000
275a9c.2fd8: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000
276a9c.2fd8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
277a9c.2fd8: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
278a9c.2fd8: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
279a9c.2fd8: 000000007ffe5000-00007ff5e0a7ffff 0x0001/0x0000 0x0000000
280a9c.2fd8: *00007ff5e0a80000-00007ff5e0a80fff 0x0002/0x0002 0x0040000
281a9c.2fd8: 00007ff5e0a81000-00007ff5e0a8ffff 0x0001/0x0000 0x0000000
282a9c.2fd8: *00007ff5e0a90000-00007ff5e0ab2fff 0x0002/0x0002 0x0040000
283a9c.2fd8: 00007ff5e0ab3000-00007ff65c68ffff 0x0001/0x0000 0x0000000
284a9c.2fd8: *00007ff65c690000-00007ff65c690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
285a9c.2fd8: 00007ff65c691000-00007ff65c706fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
286a9c.2fd8: 00007ff65c707000-00007ff65c707fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
287a9c.2fd8: 00007ff65c708000-00007ff65c74ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
288a9c.2fd8: 00007ff65c750000-00007ff65c750fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
289a9c.2fd8: 00007ff65c751000-00007ff65c751fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
290a9c.2fd8: 00007ff65c752000-00007ff65c756fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
291a9c.2fd8: 00007ff65c757000-00007ff65c757fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
292a9c.2fd8: 00007ff65c758000-00007ff65c758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
293a9c.2fd8: 00007ff65c759000-00007ff65c75cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
294a9c.2fd8: 00007ff65c75d000-00007ff65c7a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
295a9c.2fd8: 00007ff65c7a6000-00007ffed4efffff 0x0001/0x0000 0x0000000
296a9c.2fd8: *00007ffed4f00000-00007ffed4f00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
297a9c.2fd8: 00007ffed4f01000-00007ffed5017fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
298a9c.2fd8: 00007ffed5018000-00007ffed505efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
299a9c.2fd8: 00007ffed505f000-00007ffed506afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
300a9c.2fd8: 00007ffed506b000-00007ffed5079fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
301a9c.2fd8: 00007ffed507a000-00007ffed507afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
302a9c.2fd8: 00007ffed507b000-00007ffed507dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
303a9c.2fd8: 00007ffed507e000-00007ffed50effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
304a9c.2fd8: 00007ffed50f0000-00007ffffffeffff 0x0001/0x0000 0x0000000
305a9c.2fd8: supR3HardNtChildPurify: Done after 527 ms and 0 fixes (loop #0).
306e78.26bc: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
307e78.26bc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed4f00000 g_uNtVerCombined=0xa047ba00 (stack ~00000000007cf9e8)
308e78.26bc: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
309e78.26bc: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2031616 allocation)
310e78.26bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
311a9c.2fd8: supR3HardNtEnableThreadCreationEx:
312e78.26bc: System32: \Device\HarddiskVolume4\Windows\System32
313e78.26bc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
314e78.26bc: KnownDllPath: C:\WINDOWS\System32
315e78.26bc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
316e78.26bc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
317e78.26bc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
318e78.26bc: Registered Dll notification callback with NTDLL.
319e78.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
320e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
321e78.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
322e78.26bc: supR3HardenedDllNotificationCallback: load 00007ffed1fc0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
323e78.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
324e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
325e78.26bc: supR3HardenedDllNotificationCallback: load 00007ffed3890000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
326e78.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
327e78.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'C:\WINDOWS\System32\KERNEL32.DLL'
328e78.26bc: supR3HardenedDllNotificationCallback: load 00007ff65c690000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
329e78.26bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
330e78.26bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
331e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
332e78.26bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed4f717f0 pvNtTerminateThread=00007ffed4f9cb10
333a9c.2fd8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
334e78.26bc: \SystemRoot\System32\ntdll.dll:
335e78.26bc: CreationTime: 2020-03-11T07:58:50.504082000Z
336e78.26bc: LastWriteTime: 2020-03-11T07:58:50.530434200Z
337e78.26bc: ChangeTime: 2020-03-16T01:14:28.400788500Z
338e78.26bc: FileAttributes: 0x20
339e78.26bc: Size: 0x1e8450
340e78.26bc: NT Headers: 0xd8
341e78.26bc: Timestamp: 0x64d10ee0
342e78.26bc: Machine: 0x8664 - amd64
343e78.26bc: Timestamp: 0x64d10ee0
344e78.26bc: Image Version: 10.0
345e78.26bc: SizeOfImage: 0x1f0000 (2031616)
346e78.26bc: Resource Dir: 0x17f000 LB 0x6f310
347e78.26bc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
348e78.26bc: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
349e78.26bc: ProductName: Microsoft® Windows® Operating System
350e78.26bc: ProductVersion: 10.0.18362.719
351e78.26bc: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
352e78.26bc: FileDescription: NT Layer DLL
353e78.26bc: \SystemRoot\System32\kernel32.dll:
354e78.26bc: CreationTime: 2019-09-10T22:39:29.514755700Z
355e78.26bc: LastWriteTime: 2019-09-10T22:39:29.527443800Z
356e78.26bc: ChangeTime: 2020-03-11T07:59:19.988041300Z
357e78.26bc: FileAttributes: 0x20
358e78.26bc: Size: 0xb0570
359e78.26bc: NT Headers: 0xe8
360e78.26bc: Timestamp: 0xd0cecc10
361e78.26bc: Machine: 0x8664 - amd64
362e78.26bc: Timestamp: 0xd0cecc10
363e78.26bc: Image Version: 10.0
364e78.26bc: SizeOfImage: 0xb2000 (729088)
365e78.26bc: Resource Dir: 0xb0000 LB 0x520
366e78.26bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
367e78.26bc: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
368e78.26bc: ProductName: Microsoft® Windows® Operating System
369e78.26bc: ProductVersion: 10.0.18362.329
370e78.26bc: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
371e78.26bc: FileDescription: Windows NT BASE API Client DLL
372e78.26bc: \SystemRoot\System32\KernelBase.dll:
373e78.26bc: CreationTime: 2020-03-11T07:58:50.954017800Z
374e78.26bc: LastWriteTime: 2020-03-11T07:58:50.998913800Z
375e78.26bc: ChangeTime: 2020-03-16T01:14:27.697829200Z
376e78.26bc: FileAttributes: 0x20
377e78.26bc: Size: 0x2a3e38
378e78.26bc: NT Headers: 0xf0
379e78.26bc: Timestamp: 0xb31987d3
380e78.26bc: Machine: 0x8664 - amd64
381e78.26bc: Timestamp: 0xb31987d3
382e78.26bc: Image Version: 10.0
383e78.26bc: SizeOfImage: 0x2a3000 (2764800)
384e78.26bc: Resource Dir: 0x27d000 LB 0x548
385e78.26bc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
386e78.26bc: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
387e78.26bc: ProductName: Microsoft® Windows® Operating System
388e78.26bc: ProductVersion: 10.0.18362.719
389e78.26bc: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
390e78.26bc: FileDescription: Windows NT BASE API Client DLL
391e78.26bc: \SystemRoot\System32\apisetschema.dll:
392e78.26bc: CreationTime: 2019-03-19T04:43:54.837151500Z
393e78.26bc: LastWriteTime: 2019-03-19T04:43:54.837151500Z
394e78.26bc: ChangeTime: 2020-03-11T07:59:19.976329300Z
395e78.26bc: FileAttributes: 0x20
396e78.26bc: Size: 0x1d028
397e78.26bc: NT Headers: 0xc8
398e78.26bc: Timestamp: 0xd6ced080
399e78.26bc: Machine: 0x8664 - amd64
400e78.26bc: Timestamp: 0xd6ced080
401e78.26bc: Image Version: 10.0
402e78.26bc: SizeOfImage: 0x1e000 (122880)
403e78.26bc: Resource Dir: 0x1d000 LB 0x408
404e78.26bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
405e78.26bc: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
406e78.26bc: ProductName: Microsoft® Windows® Operating System
407e78.26bc: ProductVersion: 10.0.18362.1
408e78.26bc: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
409e78.26bc: FileDescription: ApiSet Schema DLL
410e78.26bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
411e78.26bc: supR3HardenedWinFindAdversaries: 0x80
412e78.26bc: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
413e78.26bc: CreationTime: 2018-09-06T04:58:57.414771000Z
414e78.26bc: LastWriteTime: 2018-09-27T21:40:37.008033600Z
415e78.26bc: ChangeTime: 2019-08-11T01:35:40.506356200Z
416e78.26bc: FileAttributes: 0x20
417e78.26bc: Size: 0x3f520
418e78.26bc: NT Headers: 0xf8
419e78.26bc: Timestamp: 0x5b568210
420e78.26bc: Machine: 0x8664 - amd64
421e78.26bc: Timestamp: 0x5b568210
422e78.26bc: Image Version: 10.0
423e78.26bc: SizeOfImage: 0x41000 (266240)
424e78.26bc: Resource Dir: 0x3f000 LB 0x3b8
425e78.26bc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
426e78.26bc: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
427e78.26bc: ProductName: Malwarebytes SwissArmy
428e78.26bc: ProductVersion: 4.3.0.161
429e78.26bc: FileVersion: 4.3.0.161
430e78.26bc: FileDescription: Malwarebytes SwissArmy
431e78.26bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
432e78.26bc: Calling main()
433e78.26bc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
434e78.26bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
435e78.26bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
436e78.26bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
437e78.26bc: SUPR3HardenedMain: Respawn #2
438e78.26bc: supR3HardNtEnableThreadCreationEx:
439e78.26bc: supR3HardenedDllNotificationCallback: load 00007ffed3ab0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
440e78.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
441e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
442e78.26bc: supR3HardenedDllNotificationCallback: load 00007ffed3740000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
443e78.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
444e78.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
445e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
446e78.26bc: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
447e78.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
448e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
449e78.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
450e78.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
451e78.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
452e78.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
453e78.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4f00000 'C:\WINDOWS\System32\ntdll.dll'
454e78.26bc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
455e78.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
456e78.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
457e78.26bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
458e78.26bc: supR3HardenedDllNotificationCallback: load 00007ffecffa0000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
459e78.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
460e78.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
461e78.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
462e78.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4f00000 'C:\WINDOWS\System32\ntdll.dll'
463e78.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecffa0000 'C:\WINDOWS\system32\apphelp.dll'
464e78.26bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed4f717f0 pvNtTerminateThread=00007ffed4f9cb10
465e78.26bc: supR3HardenedWinDoReSpawn(2): New child 110c.3268 [kernel32].
466e78.26bc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
467e78.26bc: supR3HardNtChildGatherData: PebBaseAddress=0000000000c76000 cbPeb=0x388
468e78.26bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed4f00000 uNtDllChildAddr=00007ffed4f00000
469e78.26bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed4f717f0
470e78.26bc: supR3HardenedWinSetupChildInit: Initial context:
471 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff65c697900 rdx=0000000000c76000
472 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
473 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
474 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
475 rip=00007ffed4f6ceb0 rsp=0000000000b7f858 rbp=0000000000000000 ctxflags=0010001b
476 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
477 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
478 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
479 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
480 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
481e78.26bc: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
482e78.26bc: supR3HardenedWinSetupChildInit: Start child.
483e78.26bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
484e78.26bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
485e78.26bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
486e78.26bc: *0000000000000000-0000000000a3ffff 0x0001/0x0000 0x0000000
487e78.26bc: *0000000000a40000-0000000000a5ffff 0x0004/0x0004 0x0020000
488e78.26bc: *0000000000a60000-0000000000a7afff 0x0002/0x0002 0x0040000
489e78.26bc: 0000000000a7b000-0000000000a7ffff 0x0001/0x0000 0x0000000
490e78.26bc: *0000000000a80000-0000000000b7afff 0x0000/0x0004 0x0020000
491e78.26bc: 0000000000b7b000-0000000000b7dfff 0x0104/0x0004 0x0020000
492e78.26bc: 0000000000b7e000-0000000000b7ffff 0x0004/0x0004 0x0020000
493e78.26bc: *0000000000b80000-0000000000b83fff 0x0002/0x0002 0x0040000
494e78.26bc: 0000000000b84000-0000000000b8ffff 0x0001/0x0000 0x0000000
495e78.26bc: *0000000000b90000-0000000000b91fff 0x0004/0x0004 0x0020000
496e78.26bc: 0000000000b92000-0000000000bfffff 0x0001/0x0000 0x0000000
497e78.26bc: *0000000000c00000-0000000000c75fff 0x0000/0x0004 0x0020000
498e78.26bc: 0000000000c76000-0000000000c78fff 0x0004/0x0004 0x0020000
499e78.26bc: 0000000000c79000-0000000000dfffff 0x0000/0x0004 0x0020000
500e78.26bc: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
501e78.26bc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
502e78.26bc: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
503e78.26bc: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
504e78.26bc: 000000007ffe5000-00007ff5d284ffff 0x0001/0x0000 0x0000000
505e78.26bc: *00007ff5d2850000-00007ff5d2850fff 0x0002/0x0002 0x0040000
506e78.26bc: 00007ff5d2851000-00007ff5d285ffff 0x0001/0x0000 0x0000000
507e78.26bc: *00007ff5d2860000-00007ff5d2882fff 0x0002/0x0002 0x0040000
508e78.26bc: 00007ff5d2883000-00007ff65c68ffff 0x0001/0x0000 0x0000000
509e78.26bc: *00007ff65c690000-00007ff65c690fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
510e78.26bc: 00007ff65c691000-00007ff65c706fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
511e78.26bc: 00007ff65c707000-00007ff65c707fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
512e78.26bc: 00007ff65c708000-00007ff65c74ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
513e78.26bc: 00007ff65c750000-00007ff65c750fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
514e78.26bc: 00007ff65c751000-00007ff65c751fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
515e78.26bc: 00007ff65c752000-00007ff65c756fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
516e78.26bc: 00007ff65c757000-00007ff65c757fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
517e78.26bc: 00007ff65c758000-00007ff65c758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
518e78.26bc: 00007ff65c759000-00007ff65c75cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
519e78.26bc: 00007ff65c75d000-00007ff65c7a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
520e78.26bc: 00007ff65c7a6000-00007ffed4efffff 0x0001/0x0000 0x0000000
521e78.26bc: *00007ffed4f00000-00007ffed4f00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
522e78.26bc: 00007ffed4f01000-00007ffed5017fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
523e78.26bc: 00007ffed5018000-00007ffed505efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
524e78.26bc: 00007ffed505f000-00007ffed506afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
525e78.26bc: 00007ffed506b000-00007ffed5079fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
526e78.26bc: 00007ffed507a000-00007ffed507afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
527e78.26bc: 00007ffed507b000-00007ffed507dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
528e78.26bc: 00007ffed507e000-00007ffed50effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
529e78.26bc: 00007ffed50f0000-00007ffffffeffff 0x0001/0x0000 0x0000000
530e78.26bc: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
531e78.26bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
532e78.26bc: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
533e78.26bc: supR3HardNtChildPurify: Done after 573 ms and 0 fixes (loop #0).
534110c.3268: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
535110c.3268: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed4f00000 g_uNtVerCombined=0xa047ba00 (stack ~0000000000b7f2e8)
536110c.3268: ntdll.dll: timestamp 0x64d10ee0 (rc=VINF_SUCCESS)
537e78.26bc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b00000 LB 0x400000)
538110c.3268: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2031616 allocation)
539e78.26bc: supR3HardNtEnableThreadCreationEx:
540110c.3268: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
541110c.3268: System32: \Device\HarddiskVolume4\Windows\System32
542110c.3268: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
543110c.3268: KnownDllPath: C:\WINDOWS\System32
544110c.3268: supR3HardenedVmProcessInit: Opening vboxdrv...
545110c.3268: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
546110c.3268: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
547110c.3268: Registered Dll notification callback with NTDLL.
548110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
549110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
550110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
551110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1fc0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
552110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
553110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
554110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3890000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
555110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
556110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'C:\WINDOWS\System32\KERNEL32.DLL'
557110c.3268: supR3HardenedDllNotificationCallback: load 00007ff65c690000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
558110c.3268: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
559110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
560110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
561110c.3268: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed4f717f0 pvNtTerminateThread=00007ffed4f9cb10
562e78.26bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 65 ms.
563110c.3268: \SystemRoot\System32\ntdll.dll:
564110c.3268: CreationTime: 2020-03-11T07:58:50.504082000Z
565110c.3268: LastWriteTime: 2020-03-11T07:58:50.530434200Z
566110c.3268: ChangeTime: 2020-03-16T01:14:28.400788500Z
567110c.3268: FileAttributes: 0x20
568110c.3268: Size: 0x1e8450
569110c.3268: NT Headers: 0xd8
570110c.3268: Timestamp: 0x64d10ee0
571110c.3268: Machine: 0x8664 - amd64
572110c.3268: Timestamp: 0x64d10ee0
573110c.3268: Image Version: 10.0
574110c.3268: SizeOfImage: 0x1f0000 (2031616)
575110c.3268: Resource Dir: 0x17f000 LB 0x6f310
576110c.3268: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
577110c.3268: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
578110c.3268: ProductName: Microsoft® Windows® Operating System
579110c.3268: ProductVersion: 10.0.18362.719
580110c.3268: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
581110c.3268: FileDescription: NT Layer DLL
582110c.3268: \SystemRoot\System32\kernel32.dll:
583110c.3268: CreationTime: 2019-09-10T22:39:29.514755700Z
584110c.3268: LastWriteTime: 2019-09-10T22:39:29.527443800Z
585110c.3268: ChangeTime: 2020-03-11T07:59:19.988041300Z
586110c.3268: FileAttributes: 0x20
587110c.3268: Size: 0xb0570
588110c.3268: NT Headers: 0xe8
589110c.3268: Timestamp: 0xd0cecc10
590110c.3268: Machine: 0x8664 - amd64
591110c.3268: Timestamp: 0xd0cecc10
592110c.3268: Image Version: 10.0
593110c.3268: SizeOfImage: 0xb2000 (729088)
594110c.3268: Resource Dir: 0xb0000 LB 0x520
595110c.3268: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
596110c.3268: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
597110c.3268: ProductName: Microsoft® Windows® Operating System
598110c.3268: ProductVersion: 10.0.18362.329
599110c.3268: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
600110c.3268: FileDescription: Windows NT BASE API Client DLL
601110c.3268: \SystemRoot\System32\KernelBase.dll:
602110c.3268: CreationTime: 2020-03-11T07:58:50.954017800Z
603110c.3268: LastWriteTime: 2020-03-11T07:58:50.998913800Z
604110c.3268: ChangeTime: 2020-03-16T01:14:27.697829200Z
605110c.3268: FileAttributes: 0x20
606110c.3268: Size: 0x2a3e38
607110c.3268: NT Headers: 0xf0
608110c.3268: Timestamp: 0xb31987d3
609110c.3268: Machine: 0x8664 - amd64
610110c.3268: Timestamp: 0xb31987d3
611110c.3268: Image Version: 10.0
612110c.3268: SizeOfImage: 0x2a3000 (2764800)
613110c.3268: Resource Dir: 0x27d000 LB 0x548
614110c.3268: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
615110c.3268: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
616110c.3268: ProductName: Microsoft® Windows® Operating System
617110c.3268: ProductVersion: 10.0.18362.719
618110c.3268: FileVersion: 10.0.18362.719 (WinBuild.160101.0800)
619110c.3268: FileDescription: Windows NT BASE API Client DLL
620110c.3268: \SystemRoot\System32\apisetschema.dll:
621110c.3268: CreationTime: 2019-03-19T04:43:54.837151500Z
622110c.3268: LastWriteTime: 2019-03-19T04:43:54.837151500Z
623110c.3268: ChangeTime: 2020-03-11T07:59:19.976329300Z
624110c.3268: FileAttributes: 0x20
625110c.3268: Size: 0x1d028
626110c.3268: NT Headers: 0xc8
627110c.3268: Timestamp: 0xd6ced080
628110c.3268: Machine: 0x8664 - amd64
629110c.3268: Timestamp: 0xd6ced080
630110c.3268: Image Version: 10.0
631110c.3268: SizeOfImage: 0x1e000 (122880)
632110c.3268: Resource Dir: 0x1d000 LB 0x408
633110c.3268: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
634110c.3268: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
635110c.3268: ProductName: Microsoft® Windows® Operating System
636110c.3268: ProductVersion: 10.0.18362.1
637110c.3268: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
638110c.3268: FileDescription: ApiSet Schema DLL
639110c.3268: NtOpenDirectoryObject failed on \Driver: 0xc0000022
640110c.3268: supR3HardenedWinFindAdversaries: 0x80
641110c.3268: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
642110c.3268: CreationTime: 2018-09-06T04:58:57.414771000Z
643110c.3268: LastWriteTime: 2018-09-27T21:40:37.008033600Z
644110c.3268: ChangeTime: 2019-08-11T01:35:40.506356200Z
645110c.3268: FileAttributes: 0x20
646110c.3268: Size: 0x3f520
647110c.3268: NT Headers: 0xf8
648110c.3268: Timestamp: 0x5b568210
649110c.3268: Machine: 0x8664 - amd64
650110c.3268: Timestamp: 0x5b568210
651110c.3268: Image Version: 10.0
652110c.3268: SizeOfImage: 0x41000 (266240)
653110c.3268: Resource Dir: 0x3f000 LB 0x3b8
654110c.3268: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
655110c.3268: [Raw version resource data: 0x3f060 LB 0x358, codepage 0x0 (reserved 0x0)]
656110c.3268: ProductName: Malwarebytes SwissArmy
657110c.3268: ProductVersion: 4.3.0.161
658110c.3268: FileVersion: 4.3.0.161
659110c.3268: FileDescription: Malwarebytes SwissArmy
660110c.3268: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
661110c.3268: Calling main()
662110c.3268: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
663110c.3268: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
664110c.3268: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
665110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
666110c.3268: SUPR3HardenedMain: Final process, opening VBoxDrv...
667110c.3268: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
668110c.3268: supR3HardNtEnableThreadCreationEx:
669110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
670110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
671110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
672110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
673110c.3268: supR3HardenedDllNotificationCallback: load 00007ffece8b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
674110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
675110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
676110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
677110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
678110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
679110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
680110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
681110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
682110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
683110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
684110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
685110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
686110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
687110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
688110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
689110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
690110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
691110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
692110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
693110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
694110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
695110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
696110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
697110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
698110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
699110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
700110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
701110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
702110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
703110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
704110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
705110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
706110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
707110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
708110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
709110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed4090000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
710110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
711110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1e70000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
712110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
713110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed23c0000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
714110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
715110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
716110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2540000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
717110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
718110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3ab0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
719110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2360000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
721110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
722110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
723110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
724110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-synch-l1-2-0'
725110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
726110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
727110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-fibers-l1-1-1'
728110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
729110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
730110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-fibers-l1-1-1'
731110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
732110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
733110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-synch-l1-2-0'
734110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
735110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
736110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-localization-l1-2-1'
737110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2360000 'C:\WINDOWS\system32\Wintrust.dll'
738110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
739110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
740110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
741110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1e90000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
742110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
743110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1e90000 'C:\WINDOWS\system32\bcrypt.dll'
744110c.3268: bcrypt.dll loaded at 00007ffed1e90000, BCryptOpenAlgorithmProvider at 00007ffed1e94c70, preloading providers:
745110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
746110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
747110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
748110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed24c0000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
749110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
750110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed24c0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
751110c.3268: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000014cdf30)
752110c.3268: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000014cf4a0)
753110c.3268: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000014cf7a0)
754110c.3268: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000014cfaa0)
755110c.3268: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000014cfda0)
756110c.3268: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000014d00a0)
757110c.3268: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000014d03a0)
758110c.3268: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000014d06a0)
759110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1fa0000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
760110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
761110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
762110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
763110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
764110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
765110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
766110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
767110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
768110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
769110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
770110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed11a0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
771110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
772110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
773110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
774110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
775110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
776110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1800000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
777110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
778110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
779110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
780110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
781110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
782110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
783110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'C:\WINDOWS\System32\kernel32.dll'
784110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
785110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
786110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2360000 'C:\WINDOWS\System32\WINTRUST.DLL'
787110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
788110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
789110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\CRYPT32.dll'
790110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed4070000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
791110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
792110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
793110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
794110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
795110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
796110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
797110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
798110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
799110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
800110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3740000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
801110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
802110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
803110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
804110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
805110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
806110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
807110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
808110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed09e0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
809110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
810110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1df0000 LB 0x00023000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
811110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
812110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
813110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
814110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
815110c.3268: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
816110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
817110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
818110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
819110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
820110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
821110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
822110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
823110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
824110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
825110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
826110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
827110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
828110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
829110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
830110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
831110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
832110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
833110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
834110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec6590000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
835110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
836110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
837110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
838110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
839110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
840110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
841110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
842110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
843110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
844110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
845110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
846110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
847110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
848110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
849110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
850110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
851110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
852110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
853110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
854110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
855110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
856110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
857110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
858110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
859110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
860110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
861110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
862110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
863110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
864110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\WINDOWS\System32\cryptnet.dll'
865110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
866110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec6590000 'C:\Windows\System32\cryptnet.dll'
867110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3fc0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
868110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
869110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
870110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
871110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
872110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
873110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
874110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
875110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
876110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
877110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
878110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
879110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
880110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
881110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
882110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
883110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
884110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
885110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
886110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
887110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
888110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
889110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001599bc0
890110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
891110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F134927D73F6FAAD67AD49B5BE994D3044A4A94
892110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
893110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
894110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3ab0000 'C:\WINDOWS\System32\rpcrt4.dll'
895110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
896110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
897110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
898110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
899110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
900110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
901110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.719.cat'; file='\SystemRoot\System32\ntdll.dll'
902110c.3268: g_pfnWinVerifyTrust=00007ffed23661f0
903110c.3268: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
904110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
905110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
906110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
907110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
908110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
909110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
910110c.3268: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
911110c.3268: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
912110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
913110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
914110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
915110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
916110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
917110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
918110c.3268: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
919110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
920110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
921110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
922110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
923110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
924110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
925110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
926110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
927110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
928110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
929110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
930110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
931110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.719.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
932110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
933110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
934110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
935110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
936110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
937110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
938110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
939110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
940110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
941110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
942110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
943110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
944110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
945110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
946110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
947110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
948110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
949110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
950110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
951110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
952110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
953110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
954110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
955110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
956110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
957110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
958110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
959110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
960110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
961110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
962110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
963110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
964110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
965110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
966110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
967110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
968110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
969110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
970110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
971110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
972110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
973110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
974110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
975110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
976110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
977110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
978110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
979110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
980110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
981110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
982110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
983110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
984110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
985110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
986110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
987110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
988110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
989110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
990110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
991110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
992110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
993110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\system32\crypt32.dll'
994110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
995110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
996110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
997110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
998110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
999110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1000110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1001110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1002110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1003110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
1004110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1005110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1006110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1007110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
1008110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1009110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
1010110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1011110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1012110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1013110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1014110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1015110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1016110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1017110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
1018110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1019110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1020110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1021110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
1022110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1023110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1024110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1025110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1026110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1027110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1028110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1029110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
1030110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1031110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
1032110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1033110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1034110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1035110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1036110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1037110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1038110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
1039110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1040110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1041110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1042110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
1043110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1044110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
1045110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1046110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1047110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1048110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1049110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1050110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1051110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1052110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1053110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1054110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1055110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1056110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1057110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1058110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1059110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
1060110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1061110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1062110c.3268: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1063110c.3268: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=69
1064110c.3268: SUPR3HardenedMain: Load Runtime...
1065110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1066110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1067110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1068110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1069110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1070110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1071110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1072110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1073110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1074110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1075110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1076110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1077110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
1078110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1079110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1080110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1081110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1082110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1083110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1084110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1085110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1086110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1087110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1088110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1089110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1090110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1091110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1092110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1093110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1094110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1095110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1096110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
1097110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1098110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1099110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1100110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1101110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1102110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1103110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1104110c.3268: supR3HardenedDllNotificationCallback: load 000000006f1c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1105110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1106110c.3268: supR3HardenedDllNotificationCallback: load 000000006ebb0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1107110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1108110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3bd0000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
1109110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1110110c.3268: supR3HardenedDllNotificationCallback: load 00007ffe9f9f0000 LB 0x005ed000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1111110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1112110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1113110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1114110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1115110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1116110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1117110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1118110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1119110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1120110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1121110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1122110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1123110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1124110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1125110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1126110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1127110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1128110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1129110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1130110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1131110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1132110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1133110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1134110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1135110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1136110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1137110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1139110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1140110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1141110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1142110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1143110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1144110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1145110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1146110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1147110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1148110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1149110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1150110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1151110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1153110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1154110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1155110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1156110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1158110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1159110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1160110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1161110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1163110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1164110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1165110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1166110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1168110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1169110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1170110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1171110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1173110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1174110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1175110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1176110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1178110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1179110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1180110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1181110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1182110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1183110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1184110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1185110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1186110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1187110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1188110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1189110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1190110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1191110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1192110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1193110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1194110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1195110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1196110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1197110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1198110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1199110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1200110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1201110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1202110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1203110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1204110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1205110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1206110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1207110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1208110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1209110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1210110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1211110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1212110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1213110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1214110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1215110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1216110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1217110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1218110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1219110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1220110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1221110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1222110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1223110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1224110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1225110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1226110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1227110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1228110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1229110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1230110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1231110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1232110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1233110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1234110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1235110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1236110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1237110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1238110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1239110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1240110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1241110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1242110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1243110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1244110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1245110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1246110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1247110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1248110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1249110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1250110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1251110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1252110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1253110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1254110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1255110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1256110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1257110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1258110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1259110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1260110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1261110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1262110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1263110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1264110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1265110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1266110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1267110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1268110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1269110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1270110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1271110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1272110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1273110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
1274110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1275110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1276110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1277110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1278110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1279110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1280110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1281110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1282110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1283110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1284110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1285110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1286110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1287110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1288110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9f9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1289110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1290110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
1291110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
1292110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1293110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2360000 'C:\WINDOWS\system32\Wintrust.dll'
1294110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
1295110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1296110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1297110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1298110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1299110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1300110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\system32\crypt32.dll'
1301110c.3268: SUPR3HardenedMain: Load TrustedMain...
1302110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1303110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1304110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1305110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1306110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1307110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1308110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1309110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1310110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1311110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1312110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1313110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1314110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1315110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1316110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1317110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1318110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1319110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1320110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1321110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1322110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1323110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1324110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
1325110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
1326110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1327110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1328110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1329110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1330110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1331110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1332110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1333110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1334110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1335110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
1336110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
1337110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1338110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1339110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1340110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1341110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1342110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1343110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1344110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1345110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1346110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1347110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
1348110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1349110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1350110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1351110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1352110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1353110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1354110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1355110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1356110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1357110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1358110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
1359110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
1360110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1361110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1362110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1363110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
1364110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1365110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1366110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1367110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
1368110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1369110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1370110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1371110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1372110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1373110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
1374110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
1375110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
1376110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
1377110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
1378110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1379110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1380110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1381110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1382110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
1383110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1384110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1385110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1386110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1387110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1388110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
1389110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
1390110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1391110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1392110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1393110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
1394110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
1395110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1396110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1397110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1398110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1399110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1400110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1401110c.3268: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
1402110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
1403110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
1404110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1405110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1406110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1407110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1408110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1409110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1410110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1411110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1412110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1413110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1414110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
1415110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1416110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1417110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1418110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1419110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1420110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1421110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1422110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1423110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1424110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1425110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1426110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1427110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1428110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1429110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1430110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1431110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1432110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1433110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1434110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1435110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1436110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1437110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1438110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1439110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1440110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1441110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1442110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1443110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1444110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1445110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1446110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1447110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1448110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1449110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1450110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1451110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1452110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1453110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1454110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1455110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1456110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1457110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1458110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1459110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1460110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1461110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1462110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1463110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1464110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1465110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1466110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1467110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1468110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1469110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1470110c.3268: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1471110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1472110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1473110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1474110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1475110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1476110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1477110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1478110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1479110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1480110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1481110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
1482110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
1483110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
1484110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
1485110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1486110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1487110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1488110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1489110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1490110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1491110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1492110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1493110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1494110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1495110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1496110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1497110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1498110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1499110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1500110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1501110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1502110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1503110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1504110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1505110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1506110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1507110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1508110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1509110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1510110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1511110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1512110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1513110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1514110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
1515110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1516110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1517110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1518110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1519110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1520110c.3268: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
1521110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1522110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1523110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1524110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1525110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1526110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1527110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1528110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1529110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1530110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1531110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1532110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1533110c.3268: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1534110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll)
1535110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
1536110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1537110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1538110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
1539110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1540110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1541110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1542110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1543110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1544110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1545110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1546110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1547110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1548110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1549110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1550110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1551110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1552110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1553110c.3268: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1554110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1555110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1556110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1557110c.3268: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
1558110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
1559110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1560110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1561110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1562110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1563110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1564110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1565110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1566110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1567110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1568110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1569110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1570110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1571110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1572110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1573110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1574110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1575110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1576110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1577110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1578110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1579110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1580110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1581110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1582110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1583110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1584110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1585110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1586110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1587110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1588110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1589110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1590110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1591110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1592110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1593110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1594110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1595110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1596110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1597110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1598110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1599110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1600110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1601110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1602110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1603110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1604110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1605110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1606110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
1607110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1608110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1609110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1610110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1611110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1612110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1613110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1614110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1615110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1616110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1617110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1618110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1619110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1620110c.3268: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1621110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1622110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1623110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1624110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1625110c.3268: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1626110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1627110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1628110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
1629110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1630110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1631110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
1632110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1633110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1634110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1635110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1636110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1637110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1638110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1639110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1640110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1641110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1642110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1643110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1644110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1645110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1646110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1647110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1648110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
1649110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1650110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1651110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1652110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
1653110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
1654110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
1655110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0837440FAE05EB650168FFA2D15E73182F6A3A26
1656110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1657110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1658110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1659110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1660110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1661110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1662110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1663110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1664110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1665110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1666110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1667110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1668110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1669110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
1670110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1671110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1672110c.3268: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1673110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1674110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1675110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1676110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1677110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1678110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1679110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1680110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1681110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1682110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1683110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
1684110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
1685110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1686110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1687110c.3268: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
1688110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1689110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1690110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1691110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
1692110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1693110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1695110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1696110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1697110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1698110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1699110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1700110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1701110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
1702110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DXCore.dll)
1703110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DXCore.dll
1704110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1f70000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
1705110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1706110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed22c0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
1707110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1708110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2e10000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
1709110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1710110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1711110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1712110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1713110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
1714110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
1715110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed30f0000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
1716110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1717110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed4cf0000 LB 0x00194000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
1718110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [avoiding WinVerifyTrust]
1719110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed32c0000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
1720110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1721110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2270000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
1722110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
1723110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
1724110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0aa0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
1725110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
1726110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec0460000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
1727110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1728110c.3268: supR3HardenedDllNotificationCallback: load 00007ffeb6680000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1729110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
1730110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed37e0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
1731110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1732110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
1733110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
1734110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
1735110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
1736110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1dc0000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
1737110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
1738110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
1739110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1e20000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
1740110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1741110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
1742110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
1743110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
1744110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3a50000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
1745110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1746110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1747110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1748110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
1749110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
1750110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1dd0000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
1751110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1752110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1753110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
1754110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
1755110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2690000 LB 0x00780000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
1756110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
1757110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
1758110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
1759110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
1760110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
1761110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
1762110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed4190000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
1763110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
1764110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3e00000 LB 0x00157000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
1765110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
1766110c.3268: supR3HardenedDllNotificationCallback: load 00007ffeb2970000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
1767110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1768110c.3268: supR3HardenedDllNotificationCallback: load 000000006ec50000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1769110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1770110c.3268: supR3HardenedDllNotificationCallback: load 00007ffe9f3f0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1771110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1772110c.3268: supR3HardenedDllNotificationCallback: load 000000006e640000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1773110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
1774110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed31f0000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
1775110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
1776110c.3268: supR3HardenedDllNotificationCallback: load 00007ffe78bc0000 LB 0x02614000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1777110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
1778110c.3268: supR3HardenedDllNotificationCallback: load 000000006e5e0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1779110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1780110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec4580000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1781110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1782110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec40c0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
1783110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
1784110c.3268: supR3HardenedDllNotificationCallback: load 00007ffeb6440000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1785110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1786110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
1787110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
1788110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
1789110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
1790110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1791110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1792110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
1793110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
1794110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
1795110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
1796110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1797110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1798110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1799110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1800110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1801110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1802110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
1803110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
1804110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1805110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
1806110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1807110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
1808110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1809110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
1810110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1811110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1812110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1813110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1814110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1815110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
1816110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1817110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
1818110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1819110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1820110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1821110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
1822110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1823110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
1824110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1825110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1826110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1827110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
1828110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1829110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1830110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1831110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1832110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1833110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1834110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1835110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1836110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1837110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1838110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1839110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
1840110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1841110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1842110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1843110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1844110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1845110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1846110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
1847110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1848110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
1849110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1850110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1851110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1852110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1853110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1854110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1855110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1856110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
1857110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
1858110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
1859110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
1860110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\umpdc.dll
1861110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1862110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1863110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1864110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1865110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
1866110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1867110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
1868110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1869110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1870110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1871110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1872110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1873110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1874110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1875110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1876110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1877110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
1878110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1879110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1880110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
1881110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1882110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
1883110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1884110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1885110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1886110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1887110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
1888110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1889110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1890110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1891110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1892110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1893110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1894110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1895110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1896110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1897110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
1898110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1899110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1900110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1901110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1902110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
1903110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1904110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'C:\WINDOWS\System32\kernel32.dll'
1905110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
1906110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
1907110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
1908110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
1909110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1910110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1911110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
1912110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
1913110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
1914110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
1915110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1916110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1917110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1918110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1919110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1920110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1921110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
1922110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
1923110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1924110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
1925110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1926110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
1927110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1928110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
1929110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1930110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1931110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1932110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1933110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1934110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
1935110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1936110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
1937110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1938110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1939110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1940110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
1941110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1942110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
1943110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
1944110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
1945110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
1946110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
1947110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1948110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1949110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
1950110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
1951110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
1952110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
1953110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1954110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1955110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1956110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1957110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1958110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
1959110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
1960110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
1961110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
1962110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
1963110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
1964110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
1965110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
1966110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
1967110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1968110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
1969110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
1970110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
1971110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
1972110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
1973110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
1974110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
1975110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
1976110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
1977110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
1978110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
1979110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
1980110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
1981110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1982110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1983110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-string-l1-1-0'
1984110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
1985110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
1986110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
1987110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
1988110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
1989110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
1990110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
1991110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
1992110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
1993110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
1994110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
1995110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
1996110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
1997110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
1998110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
1999110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2000110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2001110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2002110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2003110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2004110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2005110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2006110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2007110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2008110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2009110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2010110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2011110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2012110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2013110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2014110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2015110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2016110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2017110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2018110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2019110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2020110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2021110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2022110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2023110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2024110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2025110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2026110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2027110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2028110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2029110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2030110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2031110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2032110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2033110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2034110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2035110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2036110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2037110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2038110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2039110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2040110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2041110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2042110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2043110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2044110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2045110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2046110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2047110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2048110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2049110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2050110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2051110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2052110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2053110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2054110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2055110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2056110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2057110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2058110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2059110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2060110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2061110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2062110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-datetime-l1-1-1'
2063110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2064110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2065110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2066110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2067110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2068110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2069110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2070110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2071110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2072110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2073110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2074110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2075110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2076110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2077110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2078110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2079110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2080110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2081110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2082110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2083110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2084110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2085110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2086110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2087110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2088110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2089110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2090110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2091110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2092110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2093110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2094110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2095110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2096110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2097110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2098110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2099110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2100110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2101110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2102110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2103110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2104110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2105110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2106110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2107110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2108110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2109110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2110110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2111110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2112110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2113110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2114110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2115110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2116110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2117110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2118110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2119110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2120110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2121110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2122110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2123110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2124110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2125110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2126110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2127110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2128110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2129110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2130110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2131110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2132110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2133110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2134110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2135110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2136110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2137110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2138110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2139110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2140110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2141110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-localization-obsolete-l1-2-0'
2142110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2143110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2144110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2145110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2146110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2147110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2148110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2149110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2150110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2151110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2152110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2153110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2154110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2155110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2156110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2157110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2158110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2159110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2160110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2161110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2162110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2163110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2164110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2165110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2166110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2167110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2168110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2169110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2170110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2171110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2172110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2173110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2174110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2175110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2176110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2177110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2178110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2179110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2180110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2181110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2182110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2183110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2184110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2185110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2186110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2187110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2188110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2189110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2190110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2191110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2192110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2193110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2194110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2195110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2196110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2197110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2198110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2199110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2200110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2201110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2202110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2203110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2204110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2205110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2206110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2207110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2208110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2209110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2210110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2211110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2212110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2213110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2214110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2215110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2216110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2217110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2218110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
2219110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
2220110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
2221110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
2222110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
2223110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2224110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2225110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
2226110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2227110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
2228110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2229110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2230110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
2231110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2232110c.3268: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\user32.dll
2233110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2234110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed4e90000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
2235110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
2236110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4e90000 'C:\WINDOWS\system32\IMM32.DLL'
2237110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
2238110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
2239110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2240110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2241110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2242110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2243110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2244110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2245110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2246110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2247110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2248110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2249110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2250110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2251110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2252110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2253110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2254110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2255110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2256110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2257110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2258110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2259110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2260110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2261110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2262110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2263110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2264110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2265110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2266110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2267110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2268110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2269110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2270110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2271110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2272110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2273110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2274110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2275110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2276110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2277110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
2278110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
2279110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2280110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2281110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2282110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2283110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2284110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2285110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2286110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2287110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2288110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2289110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2290110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2291110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2292110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2293110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2294110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2295110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2296110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2297110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2298110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2299110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2300110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2301110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2302110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2303110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2304110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2305110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2306110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2307110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2308110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2309110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2310110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2311110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2312110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2313110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2314110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2315110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2316110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2317110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2318110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2319110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3fc0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2320110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
2321110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
2322110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'.
2323110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll' [rescheduled]
2324110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'.
2325110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll' [rescheduled]
2326110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
2327110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
2328110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'.
2329110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rescheduled]
2330110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'.
2331110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll' [rescheduled]
2332110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
2333110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
2334110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
2335110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
2336110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
2337110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
2338110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'.
2339110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll' [rescheduled]
2340110c.3268: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
2341110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
2342110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\mpr.dll'.
2343110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rescheduled]
2344110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
2345110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
2346110c.3268: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
2347110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
2348110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
2349110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
2350110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
2351110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
2352110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
2353110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rescheduled]
2354110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
2355110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
2356110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
2357110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
2358110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
2359110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
2360110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeb6440000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
2361110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2362110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2363110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
2364110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2365110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2366110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
2367110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2368110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2369110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
2370110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2371110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2372110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
2373110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2374110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2375110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
2376110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2377110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2378110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
2379110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2380110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2381110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
2382110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2383110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2384110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
2385110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2386110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2387110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
2388110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2389110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2390110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\DXCore.dll'
2391110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume4\Windows\System32\glu32.dll
2392110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2393110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2394110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F356C86D0A2DBA0570D09B39D4AF818DFCB17010
2395110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2396110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2397110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.449.cat'; file='\Device\HarddiskVolume4\Windows\System32\glu32.dll'
2398110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2399110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll'
2400110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2401110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2402110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\mpr.dll'
2403110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2404110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2405110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
2406110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2407110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
2408110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2409110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2410110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
2411110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2412110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2413110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
2414110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2415110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2416110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
2417110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2418110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2419110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
2420110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2421110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2422110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
2423110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
2424110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2425110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2426110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2427110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'
2428110c.3268: SUPR3HardenedMain: Calling TrustedMain (00007ffeb64416c0)...
2429110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2430110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2431110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2432110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2433110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2434110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2435110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2436110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2437110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2438110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2439110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2440110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2441110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2442110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2443110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2444110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2445110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2446110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2447110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2448110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2449110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2450110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2451110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2452110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2453110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2454110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2455110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2456110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2457110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2458110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2459110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2460110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2461110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2462110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2463110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2464110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2465110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
2466110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2467110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2468110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2469110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2470110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2471110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2472110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2473110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2474110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2475110c.3268: supR3HardenedDllNotificationCallback: load 00007ffea1150000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2476110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2477110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea1150000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2478110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000638 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2479110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2480110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2481110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=286AD1CEC16EFDCA5718925D19E68A486A5851A0
2482110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2483110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2484110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
2485110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2486110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2487110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2488110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
2489110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll) WinVerifyTrust
2490110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2491110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2492110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2493110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2494110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2495110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2496110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2497110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2498110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2499110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0140000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2500110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2501110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed0140000 'C:\WINDOWS\system32\uxtheme.dll'
2502110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4cf0000 'C:\WINDOWS\system32\user32.dll'
2503110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2504110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2505110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4190000 'C:\WINDOWS\system32\shell32.dll'
2506110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
2507110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2508110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed37e0000 'C:\WINDOWS\system32\SHCore.dll'
2509110c.3268: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2510110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
2511110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2512110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2513110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\system32\winmm.dll'
2514110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
2515110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2516110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\system32\winmm.dll'
2517110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
2518110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2519110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4190000 'C:\WINDOWS\system32\shell32.dll'
2520110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
2521110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2522110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed0140000 'C:\WINDOWS\system32\uxtheme.dll'
2523110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2524110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2525110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3fc0000 'C:\WINDOWS\system32\advapi32.dll'
2526110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2527110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2528110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2529110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
2530110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll) WinVerifyTrust
2531110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
2532110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2533110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2534110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
2535110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2536110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2537110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2538110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
2539110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed1ce0000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
2540110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
2541110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1ce0000 'C:\WINDOWS\system32\userenv.dll'
2542110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
2543110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2544110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'C:\WINDOWS\System32\kernel32.dll'
2545110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed2fb0000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
2546110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2547110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
2548110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
2549110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
2550110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2551110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2552110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2553110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2554110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2555110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2556110c.37a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
2557110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2558110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2559110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2560110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2561110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2562110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2563110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2564110c.37a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2565110c.37a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2566110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2567110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2568110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2569110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2570110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2571110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2572110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2573110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2574110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2575110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2576110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2577110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2578110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2579110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
2580110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2581110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2582110c.37a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2583110c.37a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2584110c.37a8: supR3HardenedDllNotificationCallback: load 00007ffea07e0000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2585110c.37a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
2586110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea07e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2587110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2588110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2589110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2590110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2591110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2592110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2593110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2594110c.37a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2595110c.37a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2596110c.37a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2597110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2598110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2599110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2600110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2601110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2602110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2603110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2604110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2605110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2606110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2607110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
2608110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2609110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2610110c.37a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
2611110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2612110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2613110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2614110c.37a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2615110c.37a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2616110c.37a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2617110c.37a8: supR3HardenedDllNotificationCallback: load 00007ffebe4f0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2618110c.37a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2619110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe4f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2620110c.37a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2621110c.37a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2622110c.37a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed31f0000 'C:\Windows\System32\oleaut32.dll'
2623110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed30f0000 'C:\WINDOWS\system32\gdi32.dll'
2624110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed3600000 LB 0x00136000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
2625110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2626110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2627110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
2628110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
2629110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
2630110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'advapi32.dll'.
2631110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
2632110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
2633110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2634110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2635110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2636110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2637110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
2638110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2639110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2640110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2641110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2642110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
2643110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2644110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2645110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2646110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2647110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2648110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2649110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2650110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
2651110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
2652110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2653110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2654110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
2655110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2656110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2657110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
2658110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2659110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2660110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
2661110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
2662110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
2663110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
2664110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
2665110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
2666110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
2667110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
2668110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2669110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2670110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2671110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
2672110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
2673110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
2674110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
2675110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
2676110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2677110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2678110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
2679110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2680110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2681110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
2682110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2683110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2684110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2685110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
2686110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
2687110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll) WinVerifyTrust
2688110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
2689110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2690110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2691110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
2692110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2693110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2694110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
2695110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2696110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2697110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2698110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2699110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll
2700110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
2701110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
2702110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2703110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2704110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2705110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
2706110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll) WinVerifyTrust
2707110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
2708110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2709110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2710110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
2711110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2712110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2713110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2714110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2715110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2716110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
2717110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
2718110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
2719110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
2720110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0b90000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
2721110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll
2722110c.3268: supR3HardenedDllNotificationCallback: load 00007ffecf140000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
2723110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
2724110c.3268: supR3HardenedDllNotificationCallback: load 00007ffecf8e0000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
2725110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
2726110c.3268: supR3HardenedDllNotificationCallback: load 00007ffeadd30000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
2727110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
2728110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed30f0000 'C:\WINDOWS\System32\gdi32.dll'
2729110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeadd30000 'C:\WINDOWS\system32\dataexchange.dll'
2730110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
2731110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
2732110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
2733110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
2734110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
2735110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
2736110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2737110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2738110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rmclient.dll)
2739110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rmclient.dll
2740110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0640000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
2741110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
2742110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0200000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
2743110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
2744110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2745110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2746110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2747110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2748110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2749110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2750110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
2751110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2752110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2753110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
2754110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2755110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2756110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
2757110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume4\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
2758110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
2759110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2760110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2761110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rmclient.dll'
2762110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2763110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2764110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2765110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2766110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
2767110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
2768110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2769110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed37e0000 'C:\WINDOWS\system32\Shcore.dll'
2770110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2771110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
2772110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
2773110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
2774110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
2775110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
2776110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2777110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
2778110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
2779110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
2780110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
2781110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2782110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
2783110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
2784110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
2785110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
2786110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
2787110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
2788110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
2789110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
2790110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
2791110c.3268: supR3HardenedDllNotificationCallback: load 00007ffed0e20000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
2792110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
2793110c.3268: supR3HardenedDllNotificationCallback: load 00007ffecf800000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
2794110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
2795110c.3268: supR3HardenedDllNotificationCallback: load 00007ffece6e0000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
2796110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
2797110c.3268: supR3HardenedDllNotificationCallback: load 00007ffebe9e0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
2798110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
2799110c.3268: supR3HardenedDllNotificationCallback: load 00007ffebe130000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
2800110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
2801110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2802110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2803110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
2804110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2805110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2806110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2807110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2808110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
2809110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2810110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2811110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
2812110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
2813110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
2814110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2815110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2816110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2817110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2818110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2819110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
2820110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
2821110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
2822110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
2823110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
2824110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
2825110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2826110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2827110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2828110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2829110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2830110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2831110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
2832110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2833110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2834110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
2835110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2836110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2837110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
2838110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2839110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2840110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
2841110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2842110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2843110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
2844110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
2845110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2846110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4cf0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
2847110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
2848110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2849110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4cf0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
2850110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
2851110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2852110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed32c0000 'api-ms-win-core-com-l1-1-0.dll'
2853110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2854110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\iertutil.dll)
2855110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\iertutil.dll
2856110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec5cf0000 LB 0x002a6000 C:\WINDOWS\System32\iertutil.dll [fFlags=0x0]
2857110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\iertutil.dll [avoiding WinVerifyTrust]
2858110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2859110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2860110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2861110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2862110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\iertutil.dll'
2863110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
2864110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2865110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3e00000 'C:\WINDOWS\system32\ole32.dll'
2866110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
2867110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2868110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3600000 'C:\WINDOWS\System32\MSCTF.dll'
2869110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3e00000 'C:\WINDOWS\System32\ole32.dll'
2870110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
2871110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2872110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed31f0000 'C:\WINDOWS\System32\OLEAUT32.dll'
2873110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b40 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2874110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2875110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2876110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
2877110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2878110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2879110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
2880110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2881110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2882110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2883110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
2884110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2885110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2886110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2887110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2888110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2889110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2890110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2891110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
2892110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2893110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2894110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
2895110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2896110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2897110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
2898110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
2899110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
2900110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2901110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2902110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2903110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2904110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2905110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2906110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2907110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2908110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
2909110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2910110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2911110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
2912110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2913110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2914110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2915110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2916110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2917110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8c50000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
2918110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2919110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8f40000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2920110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
2921110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
2922110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2923110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2924110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8f40000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2925110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2926110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2927110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2928110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
2929110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2930110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2931110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
2932110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2933110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2934110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2935110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2936110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2937110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2938110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2939110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2940110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2941110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2942110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2943110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8b20000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2944110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
2945110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8b20000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2946110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
2947110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2948110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-localization-l1-2-0.dll'
2949110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
2950110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2951110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
2952110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b84 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2953110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2954110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2955110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
2956110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2957110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2958110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
2959110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2960110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2961110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
2962110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2963110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2964110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2965110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2966110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
2967110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2968110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2969110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
2970110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2971110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8590000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2972110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
2973110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8590000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2974110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b7c pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
2975110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
2976110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
2977110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
2978110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
2979110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
2980110c.3268: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.592.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
2981110c.3268: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2982110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2983110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2984110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
2985110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
2986110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
2987110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2988110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2989110c.3268: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
2990110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2991110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2992110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2993110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2994110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2995110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
2996110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8150000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
2997110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
2998110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8150000 'C:\WINDOWS\System32\amsi.dll'
2999110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3000110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3001110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
3002110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3003110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3004110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpOAV.dll) WinVerifyTrust
3005110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpOAV.dll
3006110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3007110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3008110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3009110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3010110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3011110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3012110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3013110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpOAV.dll
3014110c.3268: supR3HardenedDllNotificationCallback: load 00007ffec8100000 LB 0x00046000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpOav.dll [fFlags=0x0]
3015110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MpOAV.dll
3016110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3017110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3018110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-synch-l1-2-0'
3019110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3020110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3021110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-fibers-l1-1-1'
3022110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
3023110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3024110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-synch-l1-2-0'
3025110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
3026110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3027110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-fibers-l1-1-1'
3028110c.3268: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
3029110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3030110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed1fc0000 'api-ms-win-core-localization-l1-2-1'
3031110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
3032110c.3268: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3033110c.3268: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
3034110c.3268: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
3035110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3036110c.3268: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3037110c.3268: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
3038110c.3268: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
3039110c.3268: supR3HardenedDllNotificationCallback: load 00007ffeccfa0000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
3040110c.3268: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
3041110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeccfa0000 'C:\WINDOWS\system32\version.dll'
3042110c.3268: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
3043110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
3044110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8100000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpOav.dll'
3045110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3046110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3047110c.3268: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
3048110c.3268: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3fc0000 'C:\WINDOWS\System32\ADVAPI32.dll'
3049110c.2688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3050110c.2688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3051110c.2688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3052110c.2688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
3053110c.2688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3054110c.2688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3055110c.2688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3056110c.2688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3057110c.2688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3058110c.2688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3059110c.2688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3060110c.2688: supR3HardenedDllNotificationCallback: load 00007ffea0100000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
3061110c.2688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3062110c.2688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea0100000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3063110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3064110c.30b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3065110c.30b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3066110c.30b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3067110c.30b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3068110c.30b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3069110c.30b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3070110c.30b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
3071110c.30b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3072110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3073110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3074110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3075110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3076110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3077110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3078110c.30b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3079110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3080110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3081110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3082110c.30b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3083110c.30b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3084110c.30b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3085110c.30b4: supR3HardenedDllNotificationCallback: load 00007ffece8a0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
3086110c.30b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
3087110c.30b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffece8a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
3088110c.135c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3089110c.135c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3090110c.135c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3091110c.135c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3092110c.135c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
3093110c.135c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3094110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3095110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3096110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3097110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3098110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3099110c.135c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3100110c.135c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3101110c.135c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3102110c.135c: supR3HardenedDllNotificationCallback: load 00007ffecce00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
3103110c.135c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
3104110c.135c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecce00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
3105110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
3106110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3107110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4190000 'C:\WINDOWS\system32\Shell32.dll'
3108110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3109110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3110110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3111110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3112110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3113110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
3114110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
3115110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3116110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3117110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3118110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3119110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3120110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
3121110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
3122110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3123110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3124110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3125110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3126110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
3127110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3128110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3129110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3130110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3131110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3132110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
3133110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3134110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3135110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3136110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3137110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3138110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
3139110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
3140110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
3141110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
3142110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
3143110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3144110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3145110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3146110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3147110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
3148110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
3149110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
3150110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3151110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3152110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3153110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3154110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3155110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3156110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3157110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3158110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3159110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3160110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
3161110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3162110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3163110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3164110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3165110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3166110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3167110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3168110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
3169110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3170110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3171110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3172110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3173110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3174110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
3175110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
3176110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3177110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3178110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3179110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3180110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3181110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3182110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3183110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3184110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3185110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3186110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3187110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3188110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
3189110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3190110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3191110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3192110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3193110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3194110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3195110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3196110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
3197110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3198110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3199110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3200110c.684: supR3HardenedDllNotificationCallback: load 00007ffed4880000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
3201110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
3202110c.684: supR3HardenedDllNotificationCallback: load 00007ffebff50000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3203110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
3204110c.684: supR3HardenedDllNotificationCallback: load 00007ffe7cbb0000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3205110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3206110c.684: supR3HardenedDllNotificationCallback: load 00007ffed1340000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
3207110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3208110c.684: supR3HardenedDllNotificationCallback: load 00007ffe781d0000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3209110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
3210110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe781d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
3211110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3212110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
3213110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3214110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffea07e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
3215110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3216110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
3217110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3218110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe7cbb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
3219110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3220110c.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3221110c.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3222110c.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3223110c.325c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3224110c.325c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3225110c.325c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3226110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3227110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3228110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3229110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3230110c.325c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3231110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3232110c.325c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3233110c.325c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3234110c.325c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3235110c.325c: supR3HardenedDllNotificationCallback: load 00007ffec8ac0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3236110c.325c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
3237110c.325c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
3238110c.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3239110c.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3240110c.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3241110c.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
3242110c.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
3243110c.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3244110c.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3245110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3246110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3247110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3248110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3249110c.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3250110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3251110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3252110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3253110c.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3254110c.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3255110c.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3256110c.2d84: supR3HardenedDllNotificationCallback: load 00007ffec97f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3257110c.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
3258110c.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec97f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
3259110c.288: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3260110c.288: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3261110c.288: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3262110c.288: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3263110c.288: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3264110c.288: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3265110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3266110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3267110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3268110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3269110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3270110c.288: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3271110c.288: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3272110c.288: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3273110c.288: supR3HardenedDllNotificationCallback: load 00007ffec8a90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3274110c.288: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
3275110c.288: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8a90000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
3276110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3277110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3278110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3279110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
3280110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
3281110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3282110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3283110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
3284110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
3285110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3286110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3287110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
3288110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll) WinVerifyTrust
3289110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
3290110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3291110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3292110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3293110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3294110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
3295110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3296110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3297110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
3298110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3299110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3300110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
3301110c.684: supR3HardenedDllNotificationCallback: load 00007ffed1bc0000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
3302110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
3303110c.684: supR3HardenedDllNotificationCallback: load 00007ffecc690000 LB 0x00072000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3304110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3305110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc690000 'C:\WINDOWS\System32\MMDevApi.dll'
3306110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001004 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
3307110c.684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
3308110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
3309110c.684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
3310110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3311110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3312110c.684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
3313110c.684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3314110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3315110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
3316110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll) WinVerifyTrust
3317110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
3318110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3319110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3320110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3321110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3322110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3323110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3324110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3325110c.684: supR3HardenedDllNotificationCallback: load 00007ffe88ee0000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3326110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3327110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3328110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3329110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\System32\dsound.dll'
3330110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\System32\dsound.dll'
3331110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3332110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3333110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3334110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3335110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3336110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc690000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
3337110c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3338110c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3339110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3340110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
3341110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
3342110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
3343110c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
3344110c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3345110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3346110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3347110c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3348110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3349110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3350110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3351110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3352110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3353110c.fb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3354110c.fb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
3355110c.fb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3356110c.fb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3357110c.fb4: supR3HardenedDllNotificationCallback: load 00007ffecc930000 LB 0x0015d000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
3358110c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
3359110c.fb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc930000 'C:\WINDOWS\System32\AUDIOSES.DLL'
3360110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3361110c.fb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
3362110c.fb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll)
3363110c.fb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll
3364110c.fb4: supR3HardenedDllNotificationCallback: load 00007ffed0460000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
3365110c.fb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
3366110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3367110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3368110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3369110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3370110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3371110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3372110c.684: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ResourcePolicyClient.dll'
3373110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3374110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3375110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3376110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c0 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3377110c.684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
3378110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
3379110c.684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
3380110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3381110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3382110c.684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
3383110c.684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3384110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3385110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
3386110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
3387110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
3388110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv) WinVerifyTrust
3389110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3390110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3391110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3392110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3393110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3394110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll) WinVerifyTrust
3395110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
3396110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3397110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3398110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3399110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3400110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3401110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll) WinVerifyTrust
3402110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3403110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3404110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3405110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3406110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3407110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3408110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
3409110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3410110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3411110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3412110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3413110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3414110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
3415110c.684: supR3HardenedDllNotificationCallback: load 00007ffece890000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
3416110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
3417110c.684: supR3HardenedDllNotificationCallback: load 00007ffeccae0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
3418110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
3419110c.684: supR3HardenedDllNotificationCallback: load 00007ffecc450000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
3420110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3421110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3422110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3423110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3424110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3425110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3426110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3427110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3428110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3429110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3430110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3431110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3432110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3433110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3434110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3435110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3436110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3437110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
3438110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3439110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3440110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
3441110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d4 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
3442110c.684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
3443110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
3444110c.684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
3445110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3446110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3447110c.684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
3448110c.684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3449110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3450110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
3451110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
3452110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
3453110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv) WinVerifyTrust
3454110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3455110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
3456110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
3457110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3458110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3459110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3460110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3461110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3462110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3463110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll) WinVerifyTrust
3464110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3465110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3466110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3467110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
3468110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3469110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3470110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3471110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3472110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3473110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3474110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3475110c.684: supR3HardenedDllNotificationCallback: load 00007ffe86a40000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
3476110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3477110c.684: supR3HardenedDllNotificationCallback: load 00007ffecdb80000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
3478110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3479110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3480110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3481110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3482110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3483110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3484110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3485110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3486110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3487110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3488110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3489110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3490110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3491110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3492110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3493110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3494110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3495110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
3496110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3497110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3498110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3499110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3500110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdb80000 'C:\WINDOWS\System32\msacm32.drv'
3501110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010ec pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
3502110c.684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
3503110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
3504110c.684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
3505110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3506110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3507110c.684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
3508110c.684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3509110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3510110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
3511110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll) WinVerifyTrust
3512110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
3513110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3514110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3515110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3516110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3517110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3518110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3519110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3520110c.684: supR3HardenedDllNotificationCallback: load 00007ffe86a30000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
3521110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3522110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86a30000 'C:\WINDOWS\System32\midimap.dll'
3523110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3524110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3525110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86a30000 'C:\WINDOWS\System32\midimap.dll'
3526110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3527110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3528110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86a30000 'C:\WINDOWS\System32\midimap.dll'
3529110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
3530110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
3531110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe86a30000 'C:\WINDOWS\System32\midimap.dll'
3532110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3533110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3534110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3535110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3536110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3537110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3538110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3539110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3540110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3541110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3542110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3543110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3544110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3545110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3546110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3547110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3548110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3549110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3550110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3551110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3552110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3553110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3554110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3555110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3556110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3557110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3558110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3559110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3560110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3561110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3562110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3563110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3564110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3565110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3566110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3567110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3568110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3569110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3570110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3571110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3572110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3573110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3574110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3575110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3576110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3577110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3578110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3579110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3580110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3581110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3582110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3583110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3584110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3585110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3586110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3587110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3588110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3589110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3590110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3591110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3592110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3593110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3594110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3595110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3596110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3597110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3598110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3599110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3600110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3601110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3602110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3603110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3604110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3605110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3606110c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3607110c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3608110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3609110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3610110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3611110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3612110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3613110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3614110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3615110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3616110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3617110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3618110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3619110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3620110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3621110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3622110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3623110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3624110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3625110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3626110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3627110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3628110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3629110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3630110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3631110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3632110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3633110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3634110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3635110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3636110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3637110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3638110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3639110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3640110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3641110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3642110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3643110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3644110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3645110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3646110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3647110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3648110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3649110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3650110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3651110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3652110c.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3653110c.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3654110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3655110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3656110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3657110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3658110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3659110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3660110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3661110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3662110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3663110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3664110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3665110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3666110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3667110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3668110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3669110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3670110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3671110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3672110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3673110c.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3674110c.30b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4cf0000 'C:\WINDOWS\system32\User32.dll'
3675110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3676110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3677110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3678110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3679110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3680110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3681110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3682110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3683110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3684110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3685110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3686110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3687110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3688110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3689110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3690110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3691110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3692110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3693110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3694110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3695110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
3696110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3697110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2360000 'C:\WINDOWS\System32\WINTRUST.DLL'
3698110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\CRYPT32.dll'
3699110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3700110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3701110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
3702110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'combase.dll'.
3703110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shcore.dll'.
3704110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'textinputframework.dll'.
3705110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'inputhost.dll'.
3706110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
3707110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\Windows.UI.dll) WinVerifyTrust
3708110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
3709110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3710110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3711110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
3712110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume4\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
3713110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3714110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3715110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
3716110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'coremessaging.dll'.
3717110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'coreuicomponents.dll'.
3718110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'propsys.dll'.
3719110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'shcore.dll'.
3720110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'win32u.dll'.
3721110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
3722110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\InputHost.dll) WinVerifyTrust
3723110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\InputHost.dll
3724110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
3725110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume4\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
3726110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
3727110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3728110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3729110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
3730110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3731110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3732110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
3733110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3734110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3735110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3736110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3737110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
3738110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
3739110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
3740110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
3741110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
3742110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
3743110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
3744110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
3745110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
3746110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
3747110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
3748110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
3749110c.684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
3750110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll) WinVerifyTrust
3751110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
3752110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
3753110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
3754110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
3755110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
3756110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
3757110c.684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
3758110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
3759110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
3760110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3761110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3762110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3763110c.684: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3764110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
3765110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
3766110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
3767110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
3768110c.684: supR3HardenedDllNotificationCallback: load 00007ffece370000 LB 0x000ef000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
3769110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\propsys.dll
3770110c.684: supR3HardenedDllNotificationCallback: load 00007ffebe010000 LB 0x0011a000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
3771110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\InputHost.dll
3772110c.684: supR3HardenedDllNotificationCallback: load 00007ffebe1d0000 LB 0x00151000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
3773110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\Windows.UI.dll
3774110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebe1d0000 'C:\Windows\System32\Windows.UI.dll'
3775110c.2f78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
3776110c.2f78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3777110c.2f78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeccae0000 'C:\WINDOWS\System32\avrt.dll'
3778110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3779110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3780110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3781110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3782110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3783110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3784110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3785110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3786110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3787110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3788110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3789110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3790110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3791110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3792110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3793110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3794110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3795110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3796110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3797110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3798110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3799110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3800110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3801110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3802110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3803110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3804110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3805110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3806110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3807110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3808110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3809110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3810110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3811110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3812110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3813110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3814110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3815110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3816110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3817110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3818110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3819110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3820110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3821110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3822110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3823110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3824110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3825110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3826110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3827110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3828110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3829110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3830110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3831110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3832110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3833110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3834110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3835110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3836110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3837110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3838110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3839110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3840110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3841110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3842110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3843110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3844110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3845110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3846110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3847110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3848110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3849110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3850110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3851110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3852110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3853110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3854110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3855110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3856110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3857110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3858110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3859110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3860110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3861110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3862110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3863110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3864110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3865110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3866110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3867110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3868110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3869110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3870110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3871110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3872110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3873110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3874110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3875110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3876110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3877110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3878110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3879110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3880110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
3881110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
3882110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3883110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3884110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3885110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3886110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3887110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3888110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3889110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3890110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3891110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3892110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3893110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3894110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3895110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3896110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3897110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3898110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3899110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3900110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3901110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3902110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3903110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3904110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3905110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3906110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3907110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3908110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3909110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3910110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3911110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3912110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3913110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3914110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3915110c.2cd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
3916110c.2cd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
3917110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3918110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3919110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3920110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3921110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3922110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3923110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3924110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3925110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3926110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3927110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3928110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3929110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3930110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3931110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3932110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3933110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3934110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3935110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3936110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3937110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3938110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3939110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3940110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3941110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3942110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3943110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3944110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3945110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3946110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3947110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3948110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3949110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3950110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3951110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3952110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3953110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3954110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3955110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3956110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3957110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3958110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3959110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3960110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3961110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3962110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3963110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3964110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3965110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3966110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3967110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3968110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3969110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3970110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3971110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3972110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3973110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3974110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3975110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3976110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3977110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3978110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3979110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3980110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3981110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3982110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3983110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3984110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3985110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3986110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3987110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3988110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3989110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
3990110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3991110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3992110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3993110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3994110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3995110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3996110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3997110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3998110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
3999110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4000110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4001110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4002110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4003110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4004110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4005110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4006110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4007110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4008110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4009110c.30b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4cf0000 'C:\WINDOWS\system32\User32.dll'
4010110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4011110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4012110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4013110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4014110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4015110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4016110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4017110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4018110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4019110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4020110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4021110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4022110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4023110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4024110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4025110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4026110c.b18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4027110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4028110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4029110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4030110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4031110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4032110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4033110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4034110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4035110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4036110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4037110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4038110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4039110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4040110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4041110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4042110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4043110c.2cd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4044110c.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4045110c.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4046110c.2a24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4047110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4048110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4049110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4050110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4051110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc450000 'C:\WINDOWS\System32\wdmaud.drv'
4052110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4053110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4054110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4055110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4056110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4057110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4058110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4059110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4060110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4061110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4062110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4063110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4064110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4065110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4066110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4067110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4068110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4069110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4070110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4071110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4072110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4073110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe88ee0000 'C:\WINDOWS\system32\dsound.dll'
4074110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4075110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4076110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4077110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4078110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4079110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4080110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4081110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4082110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec40c0000 'C:\WINDOWS\System32\winmm.dll'
4083110c.684: KiUserExceptionDispatcher: 0xc0000005 (0000000000000001, 0000000000000021) @ 00007ffe88f08201 (flags=0x0)
4084 rax=0000000000000000 rbx=000000001427a418 rcx=3c53446916460000 rdx=0000000000000000
4085 rsi=0000000000000001 rdi=0000000000000021 r8 =000000000a3ef0c8 r9 =0000000007008030
4086 r10=0000000000000000 r11=000000000a3ef3a0 r12=0000000000000003 r13=0000000000000000
4087 r14=0000000007008158 r15=00007ffe7834ca04 P1=0000000000000000 P2=0000000000000000
4088 rip=00007ffe88f08201 rsp=000000000a3ef410 rbp=0000000007008030 ctxflags=0010005f
4089 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010206 mxcrx=00001fa0
4090 P3=000000000a3eee20 P4=0000000001cde0d8 P5=0000000001cde0b0 P6=0000000001cde0f4
4091 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
4092 dr6=0000000000000000 dr7=0000000000000000 vcr=000000000a3ef1a0 dcr=00007ffe88effdfc
4093 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
4094110c.684: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
4095110c.684: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4096110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed3890000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
4097110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
4098110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
4099110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
4100110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2360000 'C:\WINDOWS\System32\WINTRUST.DLL'
4101110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\CRYPT32.dll'
4102110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
4103110c.684: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
4104110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
4105110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4106110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4107110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4f00000 'C:\WINDOWS\System32\ntdll.dll'
4108110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001790 pwszName=\Device\HarddiskVolume4\Windows\System32\apphelp.dll
4109110c.684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001599bc0
4110110c.684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001599bc0
4111110c.684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CAB05C7236BF75A3E9746E25E1039005E1268927
4112110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed11a0000 'C:\WINDOWS\system32\rsaenh.dll'
4113110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed2540000 'C:\WINDOWS\System32\crypt32.dll'
4114110c.684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0414~31bf3856ad364e35~amd64~~10.0.18362.657.cat'; file='\Device\HarddiskVolume4\Windows\System32\apphelp.dll'
4115110c.684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
4116110c.684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll) WinVerifyTrust
4117110c.684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
4118110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4119110c.684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll
4120110c.684: supR3HardenedDllNotificationCallback: load 00007ffecffa0000 LB 0x0008f000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
4121110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll
4122110c.684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll
4123110c.684: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4124110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed4f00000 'C:\WINDOWS\System32\ntdll.dll'
4125110c.684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecffa0000 'C:\WINDOWS\system32\apphelp.dll'
4126e78.26bc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 713029 ms, the end);
4127a9c.2fd8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 713710 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy