Ticket #18594: VBoxHardening.3.log

12c4.39c0: Log file opened: 6.0.6r130049 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0456300
12c4.39c0: \SystemRoot\System32\ntdll.dll:
12c4.39c0:     CreationTime:    2019-04-16T14:28:19.371663500Z
12c4.39c0:     LastWriteTime:   2019-04-16T14:28:19.397039200Z
12c4.39c0:     ChangeTime:      2019-04-16T17:59:00.884852400Z
12c4.39c0:     FileAttributes:  0x20
12c4.39c0:     Size:            0x1e7010
12c4.39c0:     NT Headers:      0xe0
12c4.39c0:     Timestamp:       0xbf6ea104
12c4.39c0:     Machine:         0x8664 - amd64
12c4.39c0:     Timestamp:       0xbf6ea104
12c4.39c0:     Image Version:   10.0
12c4.39c0:     SizeOfImage:     0x1ed000 (2019328)
12c4.39c0:     Resource Dir:    0x17d000 LB 0x6ea08
12c4.39c0:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
12c4.39c0:     [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
12c4.39c0:     ProductName:     Microsoft® Windows® Operating System
12c4.39c0:     ProductVersion:  10.0.17763.404
12c4.39c0:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
12c4.39c0:     FileDescription: NT Layer DLL
12c4.39c0: \SystemRoot\System32\kernel32.dll:
12c4.39c0:     CreationTime:    2019-04-16T14:28:17.650736300Z
12c4.39c0:     LastWriteTime:   2019-04-16T14:28:17.658541500Z
12c4.39c0:     ChangeTime:      2019-04-16T17:59:00.463076400Z
12c4.39c0:     FileAttributes:  0x20
12c4.39c0:     Size:            0xb13a8
12c4.39c0:     NT Headers:      0xe8
12c4.39c0:     Timestamp:       0xa9e3d878
12c4.39c0:     Machine:         0x8664 - amd64
12c4.39c0:     Timestamp:       0xa9e3d878
12c4.39c0:     Image Version:   10.0
12c4.39c0:     SizeOfImage:     0xb3000 (733184)
12c4.39c0:     Resource Dir:    0xb1000 LB 0x520
12c4.39c0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
12c4.39c0:     [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
12c4.39c0:     ProductName:     Microsoft® Windows® Operating System
12c4.39c0:     ProductVersion:  10.0.17763.437
12c4.39c0:     FileVersion:     10.0.17763.437 (WinBuild.160101.0800)
12c4.39c0:     FileDescription: Windows NT BASE API Client DLL
12c4.39c0: \SystemRoot\System32\KernelBase.dll:
12c4.39c0:     CreationTime:    2019-04-16T14:28:19.033065300Z
12c4.39c0:     LastWriteTime:   2019-04-16T14:28:19.068203600Z
12c4.39c0:     ChangeTime:      2019-04-16T17:59:00.916095800Z
12c4.39c0:     FileAttributes:  0x20
12c4.39c0:     Size:            0x2937f8
12c4.39c0:     NT Headers:      0xf8
12c4.39c0:     Timestamp:       0x2528b630
12c4.39c0:     Machine:         0x8664 - amd64
12c4.39c0:     Timestamp:       0x2528b630
12c4.39c0:     Image Version:   10.0
12c4.39c0:     SizeOfImage:     0x293000 (2699264)
12c4.39c0:     Resource Dir:    0x26f000 LB 0x548
12c4.39c0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
12c4.39c0:     [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
12c4.39c0:     ProductName:     Microsoft® Windows® Operating System
12c4.39c0:     ProductVersion:  10.0.17763.404
12c4.39c0:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
12c4.39c0:     FileDescription: Windows NT BASE API Client DLL
12c4.39c0: \SystemRoot\System32\apisetschema.dll:
12c4.39c0:     CreationTime:    2018-09-15T07:28:25.403122600Z
12c4.39c0:     LastWriteTime:   2018-09-15T07:28:25.403122600Z
12c4.39c0:     ChangeTime:      2019-03-23T01:02:21.080644700Z
12c4.39c0:     FileAttributes:  0x20
12c4.39c0:     Size:            0x1c738
12c4.39c0:     NT Headers:      0xd0
12c4.39c0:     Timestamp:       0x33775897
12c4.39c0:     Machine:         0x8664 - amd64
12c4.39c0:     Timestamp:       0x33775897
12c4.39c0:     Image Version:   10.0
12c4.39c0:     SizeOfImage:     0x1d000 (118784)
12c4.39c0:     Resource Dir:    0x1c000 LB 0x408
12c4.39c0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12c4.39c0:     [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
12c4.39c0:     ProductName:     Microsoft® Windows® Operating System
12c4.39c0:     ProductVersion:  10.0.17763.1
12c4.39c0:     FileVersion:     10.0.17763.1 (WinBuild.160101.0800)
12c4.39c0:     FileDescription: ApiSet Schema DLL
12c4.39c0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
12c4.39c0: supR3HardenedWinFindAdversaries: 0x0
12c4.39c0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
12c4.39c0: Calling main()
12c4.39c0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
12c4.39c0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
12c4.39c0: SUPR3HardenedMain: Respawn #1
12c4.39c0: System32:  \Device\HarddiskVolume3\Windows\System32
12c4.39c0: WinSxS:    \Device\HarddiskVolume3\Windows\WinSxS
12c4.39c0: KnownDllPath: C:\Windows\System32
12c4.39c0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
12c4.39c0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
12c4.39c0: supR3HardNtEnableThreadCreation:
12c4.39c0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd48395660 pvNtTerminateThread=00007ffd483c00e0
12c4.39c0: supR3HardenedWinDoReSpawn(1): New child 1030.2c68 [kernel32].
12c4.39c0: supR3HardNtChildGatherData: PebBaseAddress=0000000000796000 cbPeb=0x388
12c4.39c0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd48320000 uNtDllChildAddr=00007ffd48320000
12c4.39c0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd48395660
12c4.39c0: supR3HardenedWinSetupChildInit: Start child.
12c4.39c0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
12c4.39c0: supR3HardNtChildPurify: Startup delay kludge #1/0: 267 ms, 15 sleeps
12c4.39c0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12c4.39c0:  *0000000000000000-000000000046ffff 0x0001/0x0000 0x0000000
12c4.39c0:  *0000000000470000-000000000048ffff 0x0004/0x0004 0x0020000
12c4.39c0:  *0000000000490000-00000000004a9fff 0x0002/0x0002 0x0040000
12c4.39c0:   00000000004aa000-00000000004affff 0x0001/0x0000 0x0000000
12c4.39c0:  *00000000004b0000-00000000005aafff 0x0000/0x0004 0x0020000
12c4.39c0:   00000000005ab000-00000000005adfff 0x0104/0x0004 0x0020000
12c4.39c0:   00000000005ae000-00000000005affff 0x0004/0x0004 0x0020000
12c4.39c0:  *00000000005b0000-00000000005b3fff 0x0002/0x0002 0x0040000
12c4.39c0:   00000000005b4000-00000000005bffff 0x0001/0x0000 0x0000000
12c4.39c0:  *00000000005c0000-00000000005c1fff 0x0004/0x0004 0x0020000
12c4.39c0:   00000000005c2000-00000000005fffff 0x0001/0x0000 0x0000000
12c4.39c0:  *0000000000600000-0000000000795fff 0x0000/0x0004 0x0020000
12c4.39c0:   0000000000796000-0000000000798fff 0x0004/0x0004 0x0020000
12c4.39c0:   0000000000799000-00000000007fffff 0x0000/0x0004 0x0020000
12c4.39c0:   0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
12c4.39c0:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
12c4.39c0:   000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
12c4.39c0:  *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
12c4.39c0:   000000007ffec000-00007ff5963fffff 0x0001/0x0000 0x0000000
12c4.39c0:  *00007ff596400000-00007ff596400fff 0x0002/0x0002 0x0040000
12c4.39c0:   00007ff596401000-00007ff59640ffff 0x0001/0x0000 0x0000000
12c4.39c0:  *00007ff596410000-00007ff596432fff 0x0002/0x0002 0x0040000
12c4.39c0:   00007ff596433000-00007ff78e8bffff 0x0001/0x0000 0x0000000
12c4.39c0:  *00007ff78e8c0000-00007ff78e8c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e8c1000-00007ff78e934fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e935000-00007ff78e935fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e936000-00007ff78e97cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e97d000-00007ff78e97dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e97e000-00007ff78e97efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e97f000-00007ff78e983fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e984000-00007ff78e984fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e985000-00007ff78e985fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e986000-00007ff78e989fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e98a000-00007ff78e9d2fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12c4.39c0:   00007ff78e9d3000-00007ffd4831ffff 0x0001/0x0000 0x0000000
12c4.39c0:  *00007ffd48320000-00007ffd48320fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd48321000-00007ffd48437fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd48438000-00007ffd4847efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd4847f000-00007ffd48489fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd4848a000-00007ffd48497fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd48498000-00007ffd48498fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd48499000-00007ffd4849bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd4849c000-00007ffd4850cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
12c4.39c0:   00007ffd4850d000-00007ffffffeffff 0x0001/0x0000 0x0000000
12c4.39c0: VirtualBoxVM.exe: timestamp 0x5cb5a5f0 (rc=VINF_SUCCESS)
12c4.39c0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
12c4.39c0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
12c4.39c0: supR3HardNtChildPurify: Done after 288 ms and 0 fixes (loop #0).
1030.2c68: Log file opened: 6.0.6r130049 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
1030.2c68: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd48320000 g_uNtVerCombined=0xa0456300
12c4.39c0: supR3HardNtEnableThreadCreation:
1030.2c68: ntdll.dll: timestamp 0xbf6ea104 (rc=VINF_SUCCESS)
1030.2c68: New simple heap: #1 0000000000900000 LB 0x400000 (for 2019328 allocation)
1030.2c68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1030.2c68: System32:  \Device\HarddiskVolume3\Windows\System32
1030.2c68: WinSxS:    \Device\HarddiskVolume3\Windows\WinSxS
1030.2c68: KnownDllPath: C:\Windows\System32
1030.2c68: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1030.2c68: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1030.2c68: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1030.2c68: Registered Dll notification callback with NTDLL.
1030.2c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1030.2c68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1030.2c68: supR3HardenedDllNotificationCallback: load   00007ffd45160000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
1030.2c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1030.2c68: supR3HardenedDllNotificationCallback: load   00007ffd47ba0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
1030.2c68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1030.2c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\KERNEL32.DLL'
1030.2c68: supR3HardenedDllNotificationCallback: load   00007ff78e8c0000 LB 0x00113000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
1030.2c68: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1030.2c68: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd48395660 pvNtTerminateThread=00007ffd483c00e0
12c4.39c0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
1030.2c68: \SystemRoot\System32\ntdll.dll:
1030.2c68:     CreationTime:    2019-04-16T14:28:19.371663500Z
1030.2c68:     LastWriteTime:   2019-04-16T14:28:19.397039200Z
1030.2c68:     ChangeTime:      2019-04-16T17:59:00.884852400Z
1030.2c68:     FileAttributes:  0x20
1030.2c68:     Size:            0x1e7010
1030.2c68:     NT Headers:      0xe0
1030.2c68:     Timestamp:       0xbf6ea104
1030.2c68:     Machine:         0x8664 - amd64
1030.2c68:     Timestamp:       0xbf6ea104
1030.2c68:     Image Version:   10.0
1030.2c68:     SizeOfImage:     0x1ed000 (2019328)
1030.2c68:     Resource Dir:    0x17d000 LB 0x6ea08
1030.2c68:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1030.2c68:     [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1030.2c68:     ProductName:     Microsoft® Windows® Operating System
1030.2c68:     ProductVersion:  10.0.17763.404
1030.2c68:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
1030.2c68:     FileDescription: NT Layer DLL
1030.2c68: \SystemRoot\System32\kernel32.dll:
1030.2c68:     CreationTime:    2019-04-16T14:28:17.650736300Z
1030.2c68:     LastWriteTime:   2019-04-16T14:28:17.658541500Z
1030.2c68:     ChangeTime:      2019-04-16T17:59:00.463076400Z
1030.2c68:     FileAttributes:  0x20
1030.2c68:     Size:            0xb13a8
1030.2c68:     NT Headers:      0xe8
1030.2c68:     Timestamp:       0xa9e3d878
1030.2c68:     Machine:         0x8664 - amd64
1030.2c68:     Timestamp:       0xa9e3d878
1030.2c68:     Image Version:   10.0
1030.2c68:     SizeOfImage:     0xb3000 (733184)
1030.2c68:     Resource Dir:    0xb1000 LB 0x520
1030.2c68:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1030.2c68:     [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1030.2c68:     ProductName:     Microsoft® Windows® Operating System
1030.2c68:     ProductVersion:  10.0.17763.437
1030.2c68:     FileVersion:     10.0.17763.437 (WinBuild.160101.0800)
1030.2c68:     FileDescription: Windows NT BASE API Client DLL
1030.2c68: \SystemRoot\System32\KernelBase.dll:
1030.2c68:     CreationTime:    2019-04-16T14:28:19.033065300Z
1030.2c68:     LastWriteTime:   2019-04-16T14:28:19.068203600Z
1030.2c68:     ChangeTime:      2019-04-16T17:59:00.916095800Z
1030.2c68:     FileAttributes:  0x20
1030.2c68:     Size:            0x2937f8
1030.2c68:     NT Headers:      0xf8
1030.2c68:     Timestamp:       0x2528b630
1030.2c68:     Machine:         0x8664 - amd64
1030.2c68:     Timestamp:       0x2528b630
1030.2c68:     Image Version:   10.0
1030.2c68:     SizeOfImage:     0x293000 (2699264)
1030.2c68:     Resource Dir:    0x26f000 LB 0x548
1030.2c68:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1030.2c68:     [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1030.2c68:     ProductName:     Microsoft® Windows® Operating System
1030.2c68:     ProductVersion:  10.0.17763.404
1030.2c68:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
1030.2c68:     FileDescription: Windows NT BASE API Client DLL
1030.2c68: \SystemRoot\System32\apisetschema.dll:
1030.2c68:     CreationTime:    2018-09-15T07:28:25.403122600Z
1030.2c68:     LastWriteTime:   2018-09-15T07:28:25.403122600Z
1030.2c68:     ChangeTime:      2019-03-23T01:02:21.080644700Z
1030.2c68:     FileAttributes:  0x20
1030.2c68:     Size:            0x1c738
1030.2c68:     NT Headers:      0xd0
1030.2c68:     Timestamp:       0x33775897
1030.2c68:     Machine:         0x8664 - amd64
1030.2c68:     Timestamp:       0x33775897
1030.2c68:     Image Version:   10.0
1030.2c68:     SizeOfImage:     0x1d000 (118784)
1030.2c68:     Resource Dir:    0x1c000 LB 0x408
1030.2c68:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1030.2c68:     [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1030.2c68:     ProductName:     Microsoft® Windows® Operating System
1030.2c68:     ProductVersion:  10.0.17763.1
1030.2c68:     FileVersion:     10.0.17763.1 (WinBuild.160101.0800)
1030.2c68:     FileDescription: ApiSet Schema DLL
1030.2c68: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1030.2c68: supR3HardenedWinFindAdversaries: 0x0
1030.2c68: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1030.2c68: Calling main()
1030.2c68: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1030.2c68: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1030.2c68: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1030.2c68: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1030.2c68: SUPR3HardenedMain: Respawn #2
1030.2c68: supR3HardNtEnableThreadCreation:
1030.2c68: supR3HardenedDllNotificationCallback: load   00007ffd46f90000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
1030.2c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1030.2c68: supR3HardenedDllNotificationCallback: load   00007ffd47b00000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
1030.2c68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1030.2c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
1030.2c68: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1030.2c68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
1030.2c68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1030.2c68: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1030.2c68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1030.2c68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1030.2c68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48320000 'C:\Windows\System32\ntdll.dll'
1030.2c68: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd48395660 pvNtTerminateThread=00007ffd483c00e0
1030.2c68: supR3HardenedWinDoReSpawn(2): New child 6e4.57c [kernel32].
1030.2c68: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
1030.2c68: supR3HardNtChildGatherData: PebBaseAddress=0000000000d24000 cbPeb=0x388
1030.2c68: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd48320000 uNtDllChildAddr=00007ffd48320000
1030.2c68: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd48395660
1030.2c68: supR3HardenedWinSetupChildInit: Start child.
1030.2c68: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1030.2c68: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 30 sleeps
1030.2c68: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1030.2c68:  *0000000000000000-0000000000a4ffff 0x0001/0x0000 0x0000000
1030.2c68:  *0000000000a50000-0000000000a6ffff 0x0004/0x0004 0x0020000
1030.2c68:  *0000000000a70000-0000000000a89fff 0x0002/0x0002 0x0040000
1030.2c68:   0000000000a8a000-0000000000a8ffff 0x0001/0x0000 0x0000000
1030.2c68:  *0000000000a90000-0000000000b8afff 0x0000/0x0004 0x0020000
1030.2c68:   0000000000b8b000-0000000000b8dfff 0x0104/0x0004 0x0020000
1030.2c68:   0000000000b8e000-0000000000b8ffff 0x0004/0x0004 0x0020000
1030.2c68:  *0000000000b90000-0000000000b93fff 0x0002/0x0002 0x0040000
1030.2c68:   0000000000b94000-0000000000b9ffff 0x0001/0x0000 0x0000000
1030.2c68:  *0000000000ba0000-0000000000ba1fff 0x0004/0x0004 0x0020000
1030.2c68:   0000000000ba2000-0000000000bfffff 0x0001/0x0000 0x0000000
1030.2c68:  *0000000000c00000-0000000000d23fff 0x0000/0x0004 0x0020000
1030.2c68:   0000000000d24000-0000000000d26fff 0x0004/0x0004 0x0020000
1030.2c68:   0000000000d27000-0000000000dfffff 0x0000/0x0004 0x0020000
1030.2c68:   0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
1030.2c68:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1030.2c68:   000000007ffe1000-000000007ffeafff 0x0001/0x0000 0x0000000
1030.2c68:  *000000007ffeb000-000000007ffebfff 0x0002/0x0002 0x0020000
1030.2c68:   000000007ffec000-00007ff5269bffff 0x0001/0x0000 0x0000000
1030.2c68:  *00007ff5269c0000-00007ff5269c0fff 0x0002/0x0002 0x0040000
1030.2c68:   00007ff5269c1000-00007ff5269cffff 0x0001/0x0000 0x0000000
1030.2c68:  *00007ff5269d0000-00007ff5269f2fff 0x0002/0x0002 0x0040000
1030.2c68:   00007ff5269f3000-00007ff78e8bffff 0x0001/0x0000 0x0000000
1030.2c68:  *00007ff78e8c0000-00007ff78e8c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e8c1000-00007ff78e934fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e935000-00007ff78e935fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e936000-00007ff78e97cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e97d000-00007ff78e97dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e97e000-00007ff78e97efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e97f000-00007ff78e983fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e984000-00007ff78e984fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e985000-00007ff78e985fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e986000-00007ff78e989fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e98a000-00007ff78e9d2fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1030.2c68:   00007ff78e9d3000-00007ffd4831ffff 0x0001/0x0000 0x0000000
1030.2c68:  *00007ffd48320000-00007ffd48320fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd48321000-00007ffd48437fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd48438000-00007ffd4847efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd4847f000-00007ffd48489fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd4848a000-00007ffd48497fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd48498000-00007ffd48498fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd48499000-00007ffd4849bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd4849c000-00007ffd4850cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1030.2c68:   00007ffd4850d000-00007ffffffeffff 0x0001/0x0000 0x0000000
1030.2c68: VirtualBoxVM.exe: timestamp 0x5cb5a5f0 (rc=VINF_SUCCESS)
1030.2c68: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1030.2c68: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1030.2c68: supR3HardNtChildPurify: Done after 289 ms and 0 fixes (loop #0).
6e4.57c: Log file opened: 6.0.6r130049 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
6e4.57c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd48320000 g_uNtVerCombined=0xa0456300
1030.2c68: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
1030.2c68: supR3HardNtEnableThreadCreation:
6e4.57c: ntdll.dll: timestamp 0xbf6ea104 (rc=VINF_SUCCESS)
6e4.57c: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2019328 allocation)
6e4.57c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6e4.57c: System32:  \Device\HarddiskVolume3\Windows\System32
6e4.57c: WinSxS:    \Device\HarddiskVolume3\Windows\WinSxS
6e4.57c: KnownDllPath: C:\Windows\System32
6e4.57c: supR3HardenedVmProcessInit: Opening vboxdrv...
6e4.57c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6e4.57c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6e4.57c: Registered Dll notification callback with NTDLL.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45160000 LB 0x00293000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47ba0000 LB 0x000b3000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\KERNEL32.DLL'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ff78e8c0000 LB 0x00113000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
6e4.57c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
6e4.57c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd48395660 pvNtTerminateThread=00007ffd483c00e0
1030.2c68: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 71 ms.
6e4.57c: \SystemRoot\System32\ntdll.dll:
6e4.57c:     CreationTime:    2019-04-16T14:28:19.371663500Z
6e4.57c:     LastWriteTime:   2019-04-16T14:28:19.397039200Z
6e4.57c:     ChangeTime:      2019-04-16T17:59:00.884852400Z
6e4.57c:     FileAttributes:  0x20
6e4.57c:     Size:            0x1e7010
6e4.57c:     NT Headers:      0xe0
6e4.57c:     Timestamp:       0xbf6ea104
6e4.57c:     Machine:         0x8664 - amd64
6e4.57c:     Timestamp:       0xbf6ea104
6e4.57c:     Image Version:   10.0
6e4.57c:     SizeOfImage:     0x1ed000 (2019328)
6e4.57c:     Resource Dir:    0x17d000 LB 0x6ea08
6e4.57c:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6e4.57c:     [Raw version resource data: 0x17d0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6e4.57c:     ProductName:     Microsoft® Windows® Operating System
6e4.57c:     ProductVersion:  10.0.17763.404
6e4.57c:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
6e4.57c:     FileDescription: NT Layer DLL
6e4.57c: \SystemRoot\System32\kernel32.dll:
6e4.57c:     CreationTime:    2019-04-16T14:28:17.650736300Z
6e4.57c:     LastWriteTime:   2019-04-16T14:28:17.658541500Z
6e4.57c:     ChangeTime:      2019-04-16T17:59:00.463076400Z
6e4.57c:     FileAttributes:  0x20
6e4.57c:     Size:            0xb13a8
6e4.57c:     NT Headers:      0xe8
6e4.57c:     Timestamp:       0xa9e3d878
6e4.57c:     Machine:         0x8664 - amd64
6e4.57c:     Timestamp:       0xa9e3d878
6e4.57c:     Image Version:   10.0
6e4.57c:     SizeOfImage:     0xb3000 (733184)
6e4.57c:     Resource Dir:    0xb1000 LB 0x520
6e4.57c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6e4.57c:     [Raw version resource data: 0xb10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6e4.57c:     ProductName:     Microsoft® Windows® Operating System
6e4.57c:     ProductVersion:  10.0.17763.437
6e4.57c:     FileVersion:     10.0.17763.437 (WinBuild.160101.0800)
6e4.57c:     FileDescription: Windows NT BASE API Client DLL
6e4.57c: \SystemRoot\System32\KernelBase.dll:
6e4.57c:     CreationTime:    2019-04-16T14:28:19.033065300Z
6e4.57c:     LastWriteTime:   2019-04-16T14:28:19.068203600Z
6e4.57c:     ChangeTime:      2019-04-16T17:59:00.916095800Z
6e4.57c:     FileAttributes:  0x20
6e4.57c:     Size:            0x2937f8
6e4.57c:     NT Headers:      0xf8
6e4.57c:     Timestamp:       0x2528b630
6e4.57c:     Machine:         0x8664 - amd64
6e4.57c:     Timestamp:       0x2528b630
6e4.57c:     Image Version:   10.0
6e4.57c:     SizeOfImage:     0x293000 (2699264)
6e4.57c:     Resource Dir:    0x26f000 LB 0x548
6e4.57c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6e4.57c:     [Raw version resource data: 0x26f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
6e4.57c:     ProductName:     Microsoft® Windows® Operating System
6e4.57c:     ProductVersion:  10.0.17763.404
6e4.57c:     FileVersion:     10.0.17763.404 (WinBuild.160101.0800)
6e4.57c:     FileDescription: Windows NT BASE API Client DLL
6e4.57c: \SystemRoot\System32\apisetschema.dll:
6e4.57c:     CreationTime:    2018-09-15T07:28:25.403122600Z
6e4.57c:     LastWriteTime:   2018-09-15T07:28:25.403122600Z
6e4.57c:     ChangeTime:      2019-03-23T01:02:21.080644700Z
6e4.57c:     FileAttributes:  0x20
6e4.57c:     Size:            0x1c738
6e4.57c:     NT Headers:      0xd0
6e4.57c:     Timestamp:       0x33775897
6e4.57c:     Machine:         0x8664 - amd64
6e4.57c:     Timestamp:       0x33775897
6e4.57c:     Image Version:   10.0
6e4.57c:     SizeOfImage:     0x1d000 (118784)
6e4.57c:     Resource Dir:    0x1c000 LB 0x408
6e4.57c:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6e4.57c:     [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6e4.57c:     ProductName:     Microsoft® Windows® Operating System
6e4.57c:     ProductVersion:  10.0.17763.1
6e4.57c:     FileVersion:     10.0.17763.1 (WinBuild.160101.0800)
6e4.57c:     FileDescription: ApiSet Schema DLL
6e4.57c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6e4.57c: supR3HardenedWinFindAdversaries: 0x0
6e4.57c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6e4.57c: Calling main()
6e4.57c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
6e4.57c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6e4.57c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
6e4.57c: SUPR3HardenedMain: Final process, opening VBoxDrv...
6e4.57c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
6e4.57c: supR3HardNtEnableThreadCreation:
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd40380000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40380000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40380000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd40380000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47a60000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44320000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45450000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44f00000 LB 0x001db000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd46f90000 LB 0x00122000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44ea0000 LB 0x00059000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44ea0000 'C:\Windows\system32\Wintrust.dll'
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45420000 LB 0x00026000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45420000 'C:\Windows\system32\bcrypt.dll'
6e4.57c: bcrypt.dll loaded at 00007ffd45420000, BCryptOpenAlgorithmProvider at 00007ffd45424d60, preloading providers:
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd450e0000 LB 0x0007e000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd450e0000 'C:\Windows\system32\bcryptprimitives.dll'
6e4.57c:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000132e720)
6e4.57c:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000132f480)
6e4.57c:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000132f780)
6e4.57c:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000132fa80)
6e4.57c:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000132fd80)
6e4.57c:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001330080)
6e4.57c:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001330380)
6e4.57c:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001330680)
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45400000 LB 0x00017000 C:\Windows\System32\CRYPTSP.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd43700000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd43d10000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44ea0000 'C:\Windows\System32\WINTRUST.DLL'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\CRYPT32.dll'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45790000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47b00000 LB 0x0009e000 C:\Windows\System32\sechost.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd43000000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd443c0000 LB 0x00024000 C:\Windows\System32\profapi.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd24a40000 LB 0x0002f000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd24a40000 'C:\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45550000 LB 0x000a3000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3D8AF7C786FEA745EBC3F0965B6CCC901373C14
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd46f90000 'C:\Windows\System32\rpcrt4.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_590_for_KB4493509~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
6e4.57c: g_pfnWinVerifyTrust=00007ffd44ea6370
6e4.57c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A71FAF93E7F6555CF5752D6A603A870E378E49E6
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\system32\crypt32.dll'
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
6e4.57c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
6e4.57c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=39
6e4.57c: SUPR3HardenedMain: Load Runtime...
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00000000676d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00000000670c0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd459c0000 LB 0x0006d000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffcde430000 LB 0x0052f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcde430000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44ea0000 'C:\Windows\system32\Wintrust.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\system32\crypt32.dll'
6e4.57c: SUPR3HardenedMain: Load TrustedMain...
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'combase.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
6e4.57c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'gdi32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9EA7A084F8D34EE062D8C0EF5D96EF865883D56
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0112~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44e30000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44640000 LB 0x000a0000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd443f0000 LB 0x0019a000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45760000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd48150000 LB 0x00197000 C:\Windows\System32\USER32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd33480000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd314d0000 LB 0x00127000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44e50000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47c60000 LB 0x0032c000 C:\Windows\System32\combase.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd458e0000 LB 0x000a8000 C:\Windows\System32\shcore.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44360000 LB 0x0005d000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47810000 LB 0x00052000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44340000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd446e0000 LB 0x0074a000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45aa0000 LB 0x014f0000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47ff0000 LB 0x00155000 C:\Windows\System32\ole32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd34e60000 LB 0x0001b000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   0000000067160000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffcdbac0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   0000000066440000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45680000 LB 0x000c4000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffcdc0c0000 LB 0x0236b000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   0000000066c70000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd41de0000 LB 0x0002d000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd41f30000 LB 0x00024000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd072d0000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-string-l1-1-0'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-datetime-l1-1-1'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-obsolete-l1-2-0'
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
6e4.57c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd45990000 LB 0x0002e000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45990000 'C:\Windows\system32\IMM32.DLL'
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45550000 'C:\Windows\System32\ADVAPI32.DLL'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd072d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
6e4.57c: SUPR3HardenedMain: Calling TrustedMain (00007ffd072d16c0)...
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd193d0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd193d0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E9C9DBAFB6FF286F236C72F471A61F524EAC54D
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0315~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd42310000 LB 0x0009c000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42310000 'C:\Windows\system32\uxtheme.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48150000 'C:\Windows\system32\user32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45aa0000 'C:\Windows\system32\shell32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd458e0000 'C:\Windows\system32\SHCore.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'crypt32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'cryptsp.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'gdi32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd425f0000 LB 0x0002e000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cryptsp.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cryptsp.dll' -> '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\system32\winmm.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\system32\winmm.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45aa0000 'C:\Windows\system32\shell32.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42310000 'C:\Windows\system32\uxtheme.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45550000 'C:\Windows\system32\advapi32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'profapi.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd44220000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44220000 'C:\Windows\system32\userenv.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47550000 LB 0x000a2000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1cc4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
6e4.1cc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
6e4.1cc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1cc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
6e4.1cc4: supR3HardenedDllNotificationCallback: load   00007ffcdb720000 LB 0x003a0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
6e4.1cc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdb720000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
6e4.1cc4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6e4.1cc4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
6e4.1cc4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1cc4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1cc4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1cc4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
6e4.1cc4: supR3HardenedDllNotificationCallback: load   00007ffd185f0000 LB 0x000d4000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
6e4.1cc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd185f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
6e4.1cc4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1cc4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45680000 'C:\Windows\System32\oleaut32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45760000 'C:\Windows\system32\gdi32.dll'
6e4.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.2748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.2748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
6e4.2748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6e4.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.2748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.2748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.2748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.2748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6e4.2748: supR3HardenedDllNotificationCallback: load   00007ffd3a460000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
6e4.2748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
6e4.2748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a460000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45aa0000 'C:\Windows\system32\shell32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48320000 'C:\Windows\System32\ntdll.dll'
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd47870000 LB 0x0016a000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'oleaut32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'imm32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a00 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59F3AE35C1BD7FF73B733C35DF45575279B981AF
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0310~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'd3d11.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'dcomp.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'oleaut32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dxgi.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
6e4.57c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd430a0000 LB 0x000c2000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd40f30000 LB 0x0027e000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd41770000 LB 0x001c3000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd2a920000 LB 0x00056000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
6e4.57c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45760000 'C:\Windows\System32\gdi32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2a920000 'C:\Windows\system32\dataexchange.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'msvcp_win.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd42620000 LB 0x00028000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd423e0000 LB 0x0020d000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd458e0000 'C:\Windows\system32\Shcore.dll'
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'bcryptprimitives.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd433e0000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd41cf0000 LB 0x000e2000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd3f650000 LB 0x00153000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd3f7b0000 LB 0x00322000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd30bb0000 LB 0x00095000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48150000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48150000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47c60000 'api-ms-win-core-com-l1-1-0.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47870000 'C:\Windows\System32\MSCTF.dll'
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ff0000 'C:\Windows\System32\ole32.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45680000 'C:\Windows\System32\OLEAUT32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b38 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61B08AF50BF6163BDE34EB0C9B6605297BA2441A
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_347_for_KB4493509~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b44 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=585E55607969886FF9DCECA6C86E3FD6D59F65D2
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd29c10000 LB 0x00085000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd28cf0000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd28cf0000 'C:\Windows\system32\wbem\wbemprox.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b74 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2479751D59078C3499423233D67A94D93457E663
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_347_for_KB4493509~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd25390000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd25390000 'C:\Windows\system32\wbem\wbemsvc.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-0.dll'
6e4.57c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b80 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D738E4890595C8890290239456518F354997BFD
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package02~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
6e4.57c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.57c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
6e4.57c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
6e4.57c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.57c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.57c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.57c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
6e4.57c: supR3HardenedDllNotificationCallback: load   00007ffd253d0000 LB 0x000f1000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
6e4.57c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
6e4.57c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd253d0000 'C:\Windows\system32\wbem\fastprox.dll'
6e4.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
6e4.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6e4.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
6e4.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
6e4.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
6e4.14d4: supR3HardenedDllNotificationCallback: load   0000000066b60000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
6e4.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
6e4.14d4: supR3HardenedDllNotificationCallback: load   00007ffd058c0000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
6e4.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd058c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.3740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6e4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.3740: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6e4.3740: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
6e4.3740: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6e4.3740: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.3740: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.3740: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.3740: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6e4.3740: supR3HardenedDllNotificationCallback: load   00007ffd3a3d0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
6e4.3740: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
6e4.3740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a3d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
6e4.3740: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd48150000 'C:\Windows\system32\User32.dll'
6e4.608: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6e4.608: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.608: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
6e4.608: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.608: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.608: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
6e4.608: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.608: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6e4.608: supR3HardenedDllNotificationCallback: load   00007ffd39fa0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
6e4.608: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
6e4.608: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39fa0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45aa0000 'C:\Windows\system32\Shell32.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd058c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd2e710000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2e710000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
6e4.1c34: supR3HardenedDllNotificationCallback: Unload 00007ffd2e710000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd470c0000 LB 0x00476000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd2f770000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd18fd0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd438a0000 LB 0x0003d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffcdeff0000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdeff0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd2e710000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2e710000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdb720000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd38ce0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38ce0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd38be0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38be0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd2f7e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2f7e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd2f720000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2f720000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.3488: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.3488: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.3488: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
6e4.3488: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.3488: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
6e4.3488: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6e4.3488: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.3488: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.3488: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.3488: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
6e4.3488: supR3HardenedDllNotificationCallback: load   00007ffd2e9b0000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
6e4.3488: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
6e4.3488: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2e9b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
6e4.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6e4.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
6e4.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
6e4.1774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
6e4.1774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
6e4.1774: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6e4.1774: supR3HardenedDllNotificationCallback: load   00007ffd39b50000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
6e4.1774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
6e4.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39b50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
6e4.3a28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.3a28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.3a28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
6e4.3a28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
6e4.3a28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
6e4.3a28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.3a28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.3a28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.3a28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6e4.3a28: supR3HardenedDllNotificationCallback: load   00007ffd39b10000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
6e4.3a28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
6e4.3a28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd39b10000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd403c0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd403c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd438a0000 'C:\Windows\system32\Iphlpapi.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd45750000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd3c840000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd39ee0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd39980000 LB 0x0001c000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd438e0000 LB 0x000c6000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e5c pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=023C8DA2B39F9AA3A5B23F6B14BA6DD8E8288590
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef0 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0A1EEF9F9131F768A30314D53D98D8EC54A521D
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0316~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'propsys.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd44130000 LB 0x00029000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd40710000 LB 0x001a8000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd38260000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38260000 'C:\Windows\System32\MMDevApi.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001090 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AD365A940454786DE7BEC545039701B233FD977
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_314_for_KB4493509~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd3d5d0000 LB 0x00096000 C:\Windows\System32\dsound.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\System32\dsound.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\System32\dsound.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\system32\dsound.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd38260000 'C:\Windows\System32\MMDEVAPI.DLL'
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'mmdevapi.dll'.
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'avrt.dll'.
6e4.80c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
6e4.80c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.80c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
6e4.80c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
6e4.80c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.80c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.80c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.80c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.80c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
6e4.80c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.80c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
6e4.80c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
6e4.80c: supR3HardenedDllNotificationCallback: load   00007ffd400f0000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
6e4.80c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
6e4.80c: supR3HardenedDllNotificationCallback: load   00007ffd37b70000 LB 0x00148000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
6e4.80c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
6e4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd37b70000 'C:\Windows\System32\AUDIOSES.DLL'
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.80c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
6e4.80c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
6e4.80c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
6e4.80c: supR3HardenedDllNotificationCallback: load   00007ffd42650000 LB 0x00014000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
6e4.80c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001140 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22E5B934FBB9B8EED168F5BD0121AD902CCB797A
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd38c90000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd18340000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18340000 'C:\Windows\System32\wdmaud.drv'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001124 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF9222E8F115E50DE05D7AD2D27BDC071ADD62AF
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd122a0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd18330000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18330000 'C:\Windows\System32\msacm32.drv'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000119c pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FE1B51D5EFA4634DA5F3478BB920BDCB24116539
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.17763.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
6e4.1c34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd172e0000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd172e0000 'C:\Windows\System32\midimap.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd172e0000 'C:\Windows\System32\midimap.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd172e0000 'C:\Windows\System32\midimap.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd172e0000 'C:\Windows\System32\midimap.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\system32\dsound.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd058c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dwmapi.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d9.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd0b590000 LB 0x0019e000 C:\Windows\system32\d3d9.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.1c34: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll: Owner is administrators group.
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffd023f0000 LB 0x00275000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.1c34: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll: Owner is administrators group.
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
6e4.1c34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
6e4.1c34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll) WinVerifyTrust
6e4.1c34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1c34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.1c34: supR3HardenedDllNotificationCallback: load   00007ffcd2f20000 LB 0x038ec000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll [fFlags=0x0]
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.1c34: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45760000 'C:\Windows\System32\gdi32.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.31a8: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
6e4.31a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
6e4.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
6e4.31a8: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000013a8 (hFile=0000000000001118) with 0xc0000022 -> STATUS_TRUST_FAILURE
6e4.31a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
6e4.31a8: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001118 (hFile=00000000000013a8) with 0xc0000022 -> STATUS_TRUST_FAILURE
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bfc pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000136ecf0
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000136ecf0
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=11B44AC70070922FAD9F85E3435AFD4DDAE1C97E
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_193_for_KB4493509~31bf3856ad364e35~amd64~~10.0.1.6.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
6e4.31a8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
6e4.31a8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.31a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
6e4.31a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
6e4.31a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
6e4.31a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
6e4.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
6e4.31a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
6e4.31a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.31a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
6e4.31a8: supR3HardenedDllNotificationCallback: load   00007ffd43b40000 LB 0x00067000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
6e4.31a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
6e4.31a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43b40000 'C:\Windows\system32\mswsock.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd42650000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll: Owner is administrators group.
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.f20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
6e4.f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll) WinVerifyTrust
6e4.f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6e4.f20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedDllNotificationCallback: load   00007ffd07cc0000 LB 0x00020000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll [fFlags=0x0]
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd07cc0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll'
6e4.f20: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll: Owner is administrators group.
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.f20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll) WinVerifyTrust
6e4.f20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedDllNotificationCallback: load   00007ffd3a720000 LB 0x01f7c000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll [fFlags=0x0]
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-string-l1-1-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-datetime-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-obsolete-l1-2-0'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedDllNotificationCallback: Unload 00007ffd07cc0000 LB 0x00020000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll [flags=0x0]
6e4.f20: supR3HardenedDllNotificationCallback: Unload 00007ffd3a720000 LB 0x01f7c000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll [flags=0x0]
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedDllNotificationCallback: load   00007ffd07cc0000 LB 0x00020000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll [fFlags=0x0]
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd07cc0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdinfo64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedDllNotificationCallback: load   00007ffd3a720000 LB 0x01f7c000 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll [fFlags=0x0]
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-synch-l1-2-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-fibers-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-l1-2-1'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd47ba0000 'C:\Windows\System32\kernel32.dll'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-string-l1-1-0'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-datetime-l1-1-1'
6e4.f20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd45160000 'api-ms-win-core-localization-obsolete-l1-2-0'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.1c34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\system32\dsound.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1c34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
6e4.3720: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3d5d0000 'C:\Windows\system32\dsound.dll'
6e4.3720: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
6e4.3720: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.3720: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd41f30000 'C:\Windows\System32\winmm.dll'
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'combase.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'shcore.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'textinputframework.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'inputhost.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
6e4.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\Windows.UI.dll) WinVerifyTrust
6e4.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'inputhost.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'inputhost.dll' -> '\Device\HarddiskVolume3\Windows\System32\inputhost.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'coremessaging.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'twinapi.appcore.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'coreuicomponents.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'd2d1.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'd3d11.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'propsys.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'shcore.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'win32u.dll'.
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
6e4.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\InputHost.dll) WinVerifyTrust
6e4.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\InputHost.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'textinputframework.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'textinputframework.dll' -> '\Device\HarddiskVolume3\Windows\System32\textinputframework.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume3\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd43700000 'C:\Windows\system32\rsaenh.dll'
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd44f00000 'C:\Windows\System32\crypt32.dll'
6e4.1724: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6e4.1724: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d2d1.dll) WinVerifyTrust
6e4.1724: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d2d1.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'twinapi.appcore.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'twinapi.appcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6e4.1724: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6e4.1724: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\Windows.UI.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
6e4.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
6e4.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\InputHost.dll
6e4.1724: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d2d1.dll
6e4.1724: supR3HardenedDllNotificationCallback: load   00007ffd411b0000 LB 0x005be000 C:\Windows\System32\d2d1.dll [fFlags=0x0]
6e4.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d2d1.dll
6e4.1724: supR3HardenedDllNotificationCallback: load   00007ffd2ea00000 LB 0x000cc000 C:\Windows\System32\InputHost.dll [fFlags=0x0]
6e4.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\InputHost.dll
6e4.1724: supR3HardenedDllNotificationCallback: load   00007ffd2e430000 LB 0x0013a000 C:\Windows\System32\Windows.UI.dll [fFlags=0x0]
6e4.1724: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\Windows.UI.dll
6e4.1724: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd2e430000 'C:\Windows\System32\Windows.UI.dll'
6e4.1e90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
6e4.1e90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
6e4.1e90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd400f0000 'C:\Windows\System32\avrt.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll
6e4.f20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd023f0000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igdumdim64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcd2f20000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igd9dxva64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd3a720000 'C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_16ed7d82b93e4f68\igc64.dll'
6e4.f20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd0b590000 'C:\Windows\system32\d3d9.dll'
1030.2c68: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 178355 ms, the end);
12c4.39c0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 178778 ms, the end);