VirtualBox

Ticket #18920: VBoxHardening.log

File VBoxHardening.log, 466.7 KB (added by CKing123, 5 years ago)

The VirtualBoxVM log

Line 
14574.6b8: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
24574.6b8: \SystemRoot\System32\ntdll.dll:
34574.6b8: CreationTime: 2019-09-11T15:06:46.480481700Z
44574.6b8: LastWriteTime: 2019-09-11T15:06:46.519381400Z
54574.6b8: ChangeTime: 2019-09-11T15:11:11.763337600Z
64574.6b8: FileAttributes: 0x20
74574.6b8: Size: 0x1e8458
84574.6b8: NT Headers: 0xd8
94574.6b8: Timestamp: 0xf24fc044
104574.6b8: Machine: 0x8664 - amd64
114574.6b8: Timestamp: 0xf24fc044
124574.6b8: Image Version: 10.0
134574.6b8: SizeOfImage: 0x1f0000 (2031616)
144574.6b8: Resource Dir: 0x17f000 LB 0x6f310
154574.6b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164574.6b8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174574.6b8: ProductName: Microsoft® Windows® Operating System
184574.6b8: ProductVersion: 10.0.18362.356
194574.6b8: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
204574.6b8: FileDescription: NT Layer DLL
214574.6b8: \SystemRoot\System32\kernel32.dll:
224574.6b8: CreationTime: 2019-09-11T15:06:30.537351000Z
234574.6b8: LastWriteTime: 2019-09-11T15:06:30.554305600Z
244574.6b8: ChangeTime: 2019-09-11T15:11:09.793563100Z
254574.6b8: FileAttributes: 0x20
264574.6b8: Size: 0xb0570
274574.6b8: NT Headers: 0xe8
284574.6b8: Timestamp: 0xd0cecc10
294574.6b8: Machine: 0x8664 - amd64
304574.6b8: Timestamp: 0xd0cecc10
314574.6b8: Image Version: 10.0
324574.6b8: SizeOfImage: 0xb2000 (729088)
334574.6b8: Resource Dir: 0xb0000 LB 0x520
344574.6b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354574.6b8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364574.6b8: ProductName: Microsoft® Windows® Operating System
374574.6b8: ProductVersion: 10.0.18362.329
384574.6b8: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
394574.6b8: FileDescription: Windows NT BASE API Client DLL
404574.6b8: \SystemRoot\System32\KernelBase.dll:
414574.6b8: CreationTime: 2019-09-11T15:06:46.941250600Z
424574.6b8: LastWriteTime: 2019-09-11T15:06:46.992113700Z
434574.6b8: ChangeTime: 2019-09-11T15:11:11.390799400Z
444574.6b8: FileAttributes: 0x20
454574.6b8: Size: 0x2a2638
464574.6b8: NT Headers: 0xf0
474574.6b8: Timestamp: 0x7083db20
484574.6b8: Machine: 0x8664 - amd64
494574.6b8: Timestamp: 0x7083db20
504574.6b8: Image Version: 10.0
514574.6b8: SizeOfImage: 0x2a3000 (2764800)
524574.6b8: Resource Dir: 0x27d000 LB 0x548
534574.6b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544574.6b8: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554574.6b8: ProductName: Microsoft® Windows® Operating System
564574.6b8: ProductVersion: 10.0.18362.356
574574.6b8: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
584574.6b8: FileDescription: Windows NT BASE API Client DLL
594574.6b8: \SystemRoot\System32\apisetschema.dll:
604574.6b8: CreationTime: 2019-03-19T04:43:54.837151500Z
614574.6b8: LastWriteTime: 2019-03-19T04:43:54.837151500Z
624574.6b8: ChangeTime: 2019-09-11T15:07:25.157338500Z
634574.6b8: FileAttributes: 0x20
644574.6b8: Size: 0x1d028
654574.6b8: NT Headers: 0xc8
664574.6b8: Timestamp: 0xd6ced080
674574.6b8: Machine: 0x8664 - amd64
684574.6b8: Timestamp: 0xd6ced080
694574.6b8: Image Version: 10.0
704574.6b8: SizeOfImage: 0x1e000 (122880)
714574.6b8: Resource Dir: 0x1d000 LB 0x408
724574.6b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734574.6b8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744574.6b8: ProductName: Microsoft® Windows® Operating System
754574.6b8: ProductVersion: 10.0.18362.1
764574.6b8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
774574.6b8: FileDescription: ApiSet Schema DLL
784574.6b8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794574.6b8: supR3HardenedWinFindAdversaries: 0x80
804574.6b8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
814574.6b8: CreationTime: 2019-09-11T15:31:40.591432800Z
824574.6b8: LastWriteTime: 2019-09-11T15:31:40.591432800Z
834574.6b8: ChangeTime: 2019-09-11T15:31:40.604398200Z
844574.6b8: FileAttributes: 0x20
854574.6b8: Size: 0x43320
864574.6b8: NT Headers: 0xf8
874574.6b8: Timestamp: 0x5c9e68f9
884574.6b8: Machine: 0x8664 - amd64
894574.6b8: Timestamp: 0x5c9e68f9
904574.6b8: Image Version: 10.0
914574.6b8: SizeOfImage: 0x45000 (282624)
924574.6b8: Resource Dir: 0x43000 LB 0x3b8
934574.6b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
944574.6b8: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
954574.6b8: ProductName: Malwarebytes SwissArmy
964574.6b8: ProductVersion: 4.3.0.170
974574.6b8: FileVersion: 4.3.0.170
984574.6b8: FileDescription: Malwarebytes SwissArmy
994574.6b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1004574.6b8: Calling main()
1014574.6b8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1024574.6b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1034574.6b8: SUPR3HardenedMain: Respawn #1
1044574.6b8: System32: \Device\HarddiskVolume3\Windows\System32
1054574.6b8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1064574.6b8: KnownDllPath: C:\WINDOWS\System32
1074574.6b8: supR3HardenedWinInit: Performing a limited self purification...
1084574.6b8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1094574.6b8: *0000000000000000-0000000000ccffff 0x0001/0x0000 0x0000000
1104574.6b8: *0000000000cd0000-0000000000cdffff 0x0004/0x0004 0x0040000
1114574.6b8: 0000000000ce0000-0000000000ceffff 0x0001/0x0000 0x0000000
1124574.6b8: *0000000000cf0000-0000000000d0afff 0x0002/0x0002 0x0040000
1134574.6b8: 0000000000d0b000-0000000000d0ffff 0x0001/0x0000 0x0000000
1144574.6b8: *0000000000d10000-0000000000d13fff 0x0002/0x0002 0x0040000
1154574.6b8: 0000000000d14000-0000000000d1ffff 0x0001/0x0000 0x0000000
1164574.6b8: *0000000000d20000-0000000000d21fff 0x0004/0x0004 0x0020000
1174574.6b8: 0000000000d22000-0000000000d2ffff 0x0001/0x0000 0x0000000
1184574.6b8: *0000000000d30000-0000000000df6fff 0x0002/0x0002 0x0040000
1194574.6b8: 0000000000df7000-0000000000dfffff 0x0001/0x0000 0x0000000
1204574.6b8: *0000000000e00000-0000000000fb6fff 0x0000/0x0004 0x0020000
1214574.6b8: 0000000000fb7000-0000000000fb9fff 0x0004/0x0004 0x0020000
1224574.6b8: 0000000000fba000-0000000000ffffff 0x0000/0x0004 0x0020000
1234574.6b8: *0000000001000000-00000000010b0fff 0x0000/0x0004 0x0020000
1244574.6b8: 00000000010b1000-00000000010b3fff 0x0104/0x0004 0x0020000
1254574.6b8: 00000000010b4000-00000000010fffff 0x0004/0x0004 0x0020000
1264574.6b8: *0000000001100000-0000000001101fff 0x0004/0x0004 0x0020000
1274574.6b8: 0000000001102000-0000000001161fff 0x0000/0x0004 0x0020000
1284574.6b8: 0000000001162000-000000000122ffff 0x0001/0x0000 0x0000000
1294574.6b8: *0000000001230000-0000000001234fff 0x0004/0x0004 0x0020000
1304574.6b8: 0000000001235000-000000000132ffff 0x0000/0x0004 0x0020000
1314574.6b8: *0000000001330000-000000000134cfff 0x0004/0x0004 0x0020000
1324574.6b8: 000000000134d000-000000000142ffff 0x0000/0x0004 0x0020000
1334574.6b8: 0000000001430000-000000000148ffff 0x0001/0x0000 0x0000000
1344574.6b8: *0000000001490000-000000000149efff 0x0004/0x0004 0x0020000
1354574.6b8: 000000000149f000-000000000149ffff 0x0000/0x0004 0x0020000
1364574.6b8: *00000000014a0000-00000000014a8fff 0x0000/0x0004 0x0020000
1374574.6b8: 00000000014a9000-0000000001699fff 0x0004/0x0004 0x0020000
1384574.6b8: 000000000169a000-000000000169afff 0x0000/0x0004 0x0020000
1394574.6b8: 000000000169b000-000000007ffdffff 0x0001/0x0000 0x0000000
1404574.6b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1414574.6b8: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
1424574.6b8: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
1434574.6b8: 000000007ffe9000-00007ff458a1ffff 0x0001/0x0000 0x0000000
1444574.6b8: *00007ff458a20000-00007ff458a24fff 0x0002/0x0002 0x0040000
1454574.6b8: 00007ff458a25000-00007ff458b1ffff 0x0000/0x0002 0x0040000
1464574.6b8: *00007ff458b20000-00007ff558b3ffff 0x0000/0x0004 0x0020000
1474574.6b8: *00007ff558b40000-00007ff55ab3ffff 0x0000/0x0004 0x0020000
1484574.6b8: 00007ff55ab40000-00007ff55ab40fff 0x0004/0x0004 0x0020000
1494574.6b8: 00007ff55ab41000-00007ff55ab4ffff 0x0001/0x0000 0x0000000
1504574.6b8: *00007ff55ab50000-00007ff55ab50fff 0x0002/0x0002 0x0040000
1514574.6b8: 00007ff55ab51000-00007ff55ab5ffff 0x0001/0x0000 0x0000000
1524574.6b8: *00007ff55ab60000-00007ff55ab82fff 0x0002/0x0002 0x0040000
1534574.6b8: 00007ff55ab83000-00007ff64d16ffff 0x0001/0x0000 0x0000000
1544574.6b8: *00007ff64d170000-00007ff64d170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1554574.6b8: 00007ff64d171000-00007ff64d1e5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1564574.6b8: 00007ff64d1e6000-00007ff64d1e6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1574574.6b8: 00007ff64d1e7000-00007ff64d22efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1584574.6b8: 00007ff64d22f000-00007ff64d231fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1594574.6b8: 00007ff64d232000-00007ff64d234fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1604574.6b8: 00007ff64d235000-00007ff64d237fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1614574.6b8: 00007ff64d238000-00007ff64d238fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1624574.6b8: 00007ff64d239000-00007ff64d23afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1634574.6b8: 00007ff64d23b000-00007ff64d23bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1644574.6b8: 00007ff64d23c000-00007ff64d284fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1654574.6b8: 00007ff64d285000-00007ff9906fffff 0x0001/0x0000 0x0000000
1664574.6b8: *00007ff990700000-00007ff990700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1674574.6b8: 00007ff990701000-00007ff990805fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1684574.6b8: 00007ff990806000-00007ff990967fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1694574.6b8: 00007ff990968000-00007ff99096bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1704574.6b8: 00007ff99096c000-00007ff99096cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1714574.6b8: 00007ff99096d000-00007ff9909a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1724574.6b8: 00007ff9909a3000-00007ff9927cffff 0x0001/0x0000 0x0000000
1734574.6b8: *00007ff9927d0000-00007ff9927d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1744574.6b8: 00007ff9927d1000-00007ff992845fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1754574.6b8: 00007ff992846000-00007ff992877fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1764574.6b8: 00007ff992878000-00007ff992878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1774574.6b8: 00007ff992879000-00007ff992879fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1784574.6b8: 00007ff99287a000-00007ff992881fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1794574.6b8: 00007ff992882000-00007ff99299ffff 0x0001/0x0000 0x0000000
1804574.6b8: *00007ff9929a0000-00007ff9929a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1814574.6b8: 00007ff9929a1000-00007ff992ab7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1824574.6b8: 00007ff992ab8000-00007ff992afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1834574.6b8: 00007ff992aff000-00007ff992afffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1844574.6b8: 00007ff992b00000-00007ff992b01fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1854574.6b8: 00007ff992b02000-00007ff992b0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1864574.6b8: 00007ff992b0b000-00007ff992b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1874574.6b8: 00007ff992b90000-00007ffffffeffff 0x0001/0x0000 0x0000000
1884574.6b8: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
1894574.6b8: kernelbase.dll: timestamp 0x7083db20 (rc=VINF_SUCCESS)
1904574.6b8: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
1914574.6b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1924574.6b8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1934574.6b8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1944574.6b8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1954574.6b8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1964574.6b8: supR3HardNtEnableThreadCreationEx:
1974574.6b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff992a11800 pvNtTerminateThread=00007ff992a3cb20
1984574.6b8: supR3HardenedWinDoReSpawn(1): New child 27cc.2b8c [kernel32].
1994574.6b8: supR3HardNtChildGatherData: PebBaseAddress=0000000000b82000 cbPeb=0x388
2004574.6b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9929a0000 uNtDllChildAddr=00007ff9929a0000
2014574.6b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff992a11800
2024574.6b8: supR3HardenedWinSetupChildInit: Start child.
2034574.6b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2044574.6b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 57 sleeps
2054574.6b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2064574.6b8: *0000000000000000-000000000088ffff 0x0001/0x0000 0x0000000
2074574.6b8: *0000000000890000-00000000008affff 0x0004/0x0004 0x0020000
2084574.6b8: *00000000008b0000-00000000008cafff 0x0002/0x0002 0x0040000
2094574.6b8: 00000000008cb000-00000000008cffff 0x0001/0x0000 0x0000000
2104574.6b8: *00000000008d0000-00000000009cafff 0x0000/0x0004 0x0020000
2114574.6b8: 00000000009cb000-00000000009cdfff 0x0104/0x0004 0x0020000
2124574.6b8: 00000000009ce000-00000000009cffff 0x0004/0x0004 0x0020000
2134574.6b8: *00000000009d0000-00000000009d3fff 0x0002/0x0002 0x0040000
2144574.6b8: 00000000009d4000-00000000009dffff 0x0001/0x0000 0x0000000
2154574.6b8: *00000000009e0000-00000000009e1fff 0x0004/0x0004 0x0020000
2164574.6b8: 00000000009e2000-00000000009fffff 0x0001/0x0000 0x0000000
2174574.6b8: *0000000000a00000-0000000000b81fff 0x0000/0x0004 0x0020000
2184574.6b8: 0000000000b82000-0000000000b84fff 0x0004/0x0004 0x0020000
2194574.6b8: 0000000000b85000-0000000000bfffff 0x0000/0x0004 0x0020000
2204574.6b8: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
2214574.6b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2224574.6b8: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
2234574.6b8: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
2244574.6b8: 000000007ffe9000-00007ff5d9e4ffff 0x0001/0x0000 0x0000000
2254574.6b8: *00007ff5d9e50000-00007ff5d9e50fff 0x0002/0x0002 0x0040000
2264574.6b8: 00007ff5d9e51000-00007ff5d9e5ffff 0x0001/0x0000 0x0000000
2274574.6b8: *00007ff5d9e60000-00007ff5d9e82fff 0x0002/0x0002 0x0040000
2284574.6b8: 00007ff5d9e83000-00007ff64d16ffff 0x0001/0x0000 0x0000000
2294574.6b8: *00007ff64d170000-00007ff64d170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2304574.6b8: 00007ff64d171000-00007ff64d1e5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2314574.6b8: 00007ff64d1e6000-00007ff64d1e6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2324574.6b8: 00007ff64d1e7000-00007ff64d22efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2334574.6b8: 00007ff64d22f000-00007ff64d22ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2344574.6b8: 00007ff64d230000-00007ff64d230fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2354574.6b8: 00007ff64d231000-00007ff64d235fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2364574.6b8: 00007ff64d236000-00007ff64d236fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2374574.6b8: 00007ff64d237000-00007ff64d237fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2384574.6b8: 00007ff64d238000-00007ff64d23bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2394574.6b8: 00007ff64d23c000-00007ff64d284fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2404574.6b8: 00007ff64d285000-00007ff99299ffff 0x0001/0x0000 0x0000000
2414574.6b8: *00007ff9929a0000-00007ff9929a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2424574.6b8: 00007ff9929a1000-00007ff992ab7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2434574.6b8: 00007ff992ab8000-00007ff992afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2444574.6b8: 00007ff992aff000-00007ff992b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2454574.6b8: 00007ff992b0b000-00007ff992b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2464574.6b8: 00007ff992b1a000-00007ff992b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2474574.6b8: 00007ff992b1b000-00007ff992b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2484574.6b8: 00007ff992b1e000-00007ff992b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2494574.6b8: 00007ff992b90000-00007ffffffeffff 0x0001/0x0000 0x0000000
2504574.6b8: supR3HardNtChildPurify: Done after 516 ms and 0 fixes (loop #0).
25127cc.2b8c: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
25227cc.2b8c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9929a0000 g_uNtVerCombined=0xa047ba00
25327cc.2b8c: ntdll.dll: timestamp 0xf24fc044 (rc=VINF_SUCCESS)
25427cc.2b8c: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2031616 allocation)
2554574.6b8: supR3HardNtEnableThreadCreationEx:
25627cc.2b8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
25727cc.2b8c: System32: \Device\HarddiskVolume3\Windows\System32
25827cc.2b8c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
25927cc.2b8c: KnownDllPath: C:\WINDOWS\System32
26027cc.2b8c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
26127cc.2b8c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
26227cc.2b8c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
26327cc.2b8c: Registered Dll notification callback with NTDLL.
26427cc.2b8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
26527cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
26627cc.2b8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
26727cc.2b8c: supR3HardenedDllNotificationCallback: load 00007ff990700000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
26827cc.2b8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
26927cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
27027cc.2b8c: supR3HardenedDllNotificationCallback: load 00007ff9927d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
27127cc.2b8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
27227cc.2b8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
27327cc.2b8c: supR3HardenedDllNotificationCallback: load 00007ff64d170000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
27427cc.2b8c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
27527cc.2b8c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
27627cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
27727cc.2b8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff992a11800 pvNtTerminateThread=00007ff992a3cb20
2784574.6b8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 113 ms.
27927cc.2b8c: \SystemRoot\System32\ntdll.dll:
28027cc.2b8c: CreationTime: 2019-09-11T15:06:46.480481700Z
28127cc.2b8c: LastWriteTime: 2019-09-11T15:06:46.519381400Z
28227cc.2b8c: ChangeTime: 2019-09-11T15:11:11.763337600Z
28327cc.2b8c: FileAttributes: 0x20
28427cc.2b8c: Size: 0x1e8458
28527cc.2b8c: NT Headers: 0xd8
28627cc.2b8c: Timestamp: 0xf24fc044
28727cc.2b8c: Machine: 0x8664 - amd64
28827cc.2b8c: Timestamp: 0xf24fc044
28927cc.2b8c: Image Version: 10.0
29027cc.2b8c: SizeOfImage: 0x1f0000 (2031616)
29127cc.2b8c: Resource Dir: 0x17f000 LB 0x6f310
29227cc.2b8c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
29327cc.2b8c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
29427cc.2b8c: ProductName: Microsoft® Windows® Operating System
29527cc.2b8c: ProductVersion: 10.0.18362.356
29627cc.2b8c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
29727cc.2b8c: FileDescription: NT Layer DLL
29827cc.2b8c: \SystemRoot\System32\kernel32.dll:
29927cc.2b8c: CreationTime: 2019-09-11T15:06:30.537351000Z
30027cc.2b8c: LastWriteTime: 2019-09-11T15:06:30.554305600Z
30127cc.2b8c: ChangeTime: 2019-09-11T15:11:09.793563100Z
30227cc.2b8c: FileAttributes: 0x20
30327cc.2b8c: Size: 0xb0570
30427cc.2b8c: NT Headers: 0xe8
30527cc.2b8c: Timestamp: 0xd0cecc10
30627cc.2b8c: Machine: 0x8664 - amd64
30727cc.2b8c: Timestamp: 0xd0cecc10
30827cc.2b8c: Image Version: 10.0
30927cc.2b8c: SizeOfImage: 0xb2000 (729088)
31027cc.2b8c: Resource Dir: 0xb0000 LB 0x520
31127cc.2b8c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
31227cc.2b8c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
31327cc.2b8c: ProductName: Microsoft® Windows® Operating System
31427cc.2b8c: ProductVersion: 10.0.18362.329
31527cc.2b8c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
31627cc.2b8c: FileDescription: Windows NT BASE API Client DLL
31727cc.2b8c: \SystemRoot\System32\KernelBase.dll:
31827cc.2b8c: CreationTime: 2019-09-11T15:06:46.941250600Z
31927cc.2b8c: LastWriteTime: 2019-09-11T15:06:46.992113700Z
32027cc.2b8c: ChangeTime: 2019-09-11T15:11:11.390799400Z
32127cc.2b8c: FileAttributes: 0x20
32227cc.2b8c: Size: 0x2a2638
32327cc.2b8c: NT Headers: 0xf0
32427cc.2b8c: Timestamp: 0x7083db20
32527cc.2b8c: Machine: 0x8664 - amd64
32627cc.2b8c: Timestamp: 0x7083db20
32727cc.2b8c: Image Version: 10.0
32827cc.2b8c: SizeOfImage: 0x2a3000 (2764800)
32927cc.2b8c: Resource Dir: 0x27d000 LB 0x548
33027cc.2b8c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
33127cc.2b8c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
33227cc.2b8c: ProductName: Microsoft® Windows® Operating System
33327cc.2b8c: ProductVersion: 10.0.18362.356
33427cc.2b8c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
33527cc.2b8c: FileDescription: Windows NT BASE API Client DLL
33627cc.2b8c: \SystemRoot\System32\apisetschema.dll:
33727cc.2b8c: CreationTime: 2019-03-19T04:43:54.837151500Z
33827cc.2b8c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
33927cc.2b8c: ChangeTime: 2019-09-11T15:07:25.157338500Z
34027cc.2b8c: FileAttributes: 0x20
34127cc.2b8c: Size: 0x1d028
34227cc.2b8c: NT Headers: 0xc8
34327cc.2b8c: Timestamp: 0xd6ced080
34427cc.2b8c: Machine: 0x8664 - amd64
34527cc.2b8c: Timestamp: 0xd6ced080
34627cc.2b8c: Image Version: 10.0
34727cc.2b8c: SizeOfImage: 0x1e000 (122880)
34827cc.2b8c: Resource Dir: 0x1d000 LB 0x408
34927cc.2b8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
35027cc.2b8c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
35127cc.2b8c: ProductName: Microsoft® Windows® Operating System
35227cc.2b8c: ProductVersion: 10.0.18362.1
35327cc.2b8c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
35427cc.2b8c: FileDescription: ApiSet Schema DLL
35527cc.2b8c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
35627cc.2b8c: supR3HardenedWinFindAdversaries: 0x80
35727cc.2b8c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
35827cc.2b8c: CreationTime: 2019-09-11T15:31:40.591432800Z
35927cc.2b8c: LastWriteTime: 2019-09-11T15:31:40.591432800Z
36027cc.2b8c: ChangeTime: 2019-09-11T15:31:40.604398200Z
36127cc.2b8c: FileAttributes: 0x20
36227cc.2b8c: Size: 0x43320
36327cc.2b8c: NT Headers: 0xf8
36427cc.2b8c: Timestamp: 0x5c9e68f9
36527cc.2b8c: Machine: 0x8664 - amd64
36627cc.2b8c: Timestamp: 0x5c9e68f9
36727cc.2b8c: Image Version: 10.0
36827cc.2b8c: SizeOfImage: 0x45000 (282624)
36927cc.2b8c: Resource Dir: 0x43000 LB 0x3b8
37027cc.2b8c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
37127cc.2b8c: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
37227cc.2b8c: ProductName: Malwarebytes SwissArmy
37327cc.2b8c: ProductVersion: 4.3.0.170
37427cc.2b8c: FileVersion: 4.3.0.170
37527cc.2b8c: FileDescription: Malwarebytes SwissArmy
37627cc.2b8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
37727cc.2b8c: Calling main()
37827cc.2b8c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
37927cc.2b8c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
38027cc.2b8c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
38127cc.2b8c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
38227cc.2b8c: SUPR3HardenedMain: Respawn #2
38327cc.2b8c: supR3HardNtEnableThreadCreationEx:
38427cc.2b8c: supR3HardenedDllNotificationCallback: load 00007ff9924c0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
38527cc.2b8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
38627cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
38727cc.2b8c: supR3HardenedDllNotificationCallback: load 00007ff9925e0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
38827cc.2b8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
38927cc.2b8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
39027cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
39127cc.2b8c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
39227cc.2b8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
39327cc.2b8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
39427cc.2b8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
39527cc.2b8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
39627cc.2b8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
39727cc.2b8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
39827cc.2b8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9929a0000 'C:\WINDOWS\System32\ntdll.dll'
39927cc.2b8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff992a11800 pvNtTerminateThread=00007ff992a3cb20
40027cc.2b8c: supR3HardenedWinDoReSpawn(2): New child 27a0.2a6c [kernel32].
40127cc.2b8c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
40227cc.2b8c: supR3HardNtChildGatherData: PebBaseAddress=0000000000336000 cbPeb=0x388
40327cc.2b8c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9929a0000 uNtDllChildAddr=00007ff9929a0000
40427cc.2b8c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff992a11800
40527cc.2b8c: supR3HardenedWinSetupChildInit: Start child.
40627cc.2b8c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
40727cc.2b8c: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 57 sleeps
40827cc.2b8c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
40927cc.2b8c: *0000000000000000-000000000018ffff 0x0001/0x0000 0x0000000
41027cc.2b8c: *0000000000190000-00000000001affff 0x0004/0x0004 0x0020000
41127cc.2b8c: *00000000001b0000-00000000001cafff 0x0002/0x0002 0x0040000
41227cc.2b8c: 00000000001cb000-00000000001cffff 0x0001/0x0000 0x0000000
41327cc.2b8c: *00000000001d0000-00000000001d3fff 0x0002/0x0002 0x0040000
41427cc.2b8c: 00000000001d4000-00000000001dffff 0x0001/0x0000 0x0000000
41527cc.2b8c: *00000000001e0000-00000000001e1fff 0x0004/0x0004 0x0020000
41627cc.2b8c: 00000000001e2000-00000000001fffff 0x0001/0x0000 0x0000000
41727cc.2b8c: *0000000000200000-0000000000335fff 0x0000/0x0004 0x0020000
41827cc.2b8c: 0000000000336000-0000000000338fff 0x0004/0x0004 0x0020000
41927cc.2b8c: 0000000000339000-00000000003fffff 0x0000/0x0004 0x0020000
42027cc.2b8c: *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
42127cc.2b8c: 00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
42227cc.2b8c: 00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
42327cc.2b8c: 0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
42427cc.2b8c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
42527cc.2b8c: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
42627cc.2b8c: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
42727cc.2b8c: 000000007ffe9000-00007ff55d34ffff 0x0001/0x0000 0x0000000
42827cc.2b8c: *00007ff55d350000-00007ff55d350fff 0x0002/0x0002 0x0040000
42927cc.2b8c: 00007ff55d351000-00007ff55d35ffff 0x0001/0x0000 0x0000000
43027cc.2b8c: *00007ff55d360000-00007ff55d382fff 0x0002/0x0002 0x0040000
43127cc.2b8c: 00007ff55d383000-00007ff64d16ffff 0x0001/0x0000 0x0000000
43227cc.2b8c: *00007ff64d170000-00007ff64d170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43327cc.2b8c: 00007ff64d171000-00007ff64d1e5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43427cc.2b8c: 00007ff64d1e6000-00007ff64d1e6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43527cc.2b8c: 00007ff64d1e7000-00007ff64d22efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43627cc.2b8c: 00007ff64d22f000-00007ff64d22ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43727cc.2b8c: 00007ff64d230000-00007ff64d230fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43827cc.2b8c: 00007ff64d231000-00007ff64d235fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
43927cc.2b8c: 00007ff64d236000-00007ff64d236fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
44027cc.2b8c: 00007ff64d237000-00007ff64d237fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
44127cc.2b8c: 00007ff64d238000-00007ff64d23bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
44227cc.2b8c: 00007ff64d23c000-00007ff64d284fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
44327cc.2b8c: 00007ff64d285000-00007ff99299ffff 0x0001/0x0000 0x0000000
44427cc.2b8c: *00007ff9929a0000-00007ff9929a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
44527cc.2b8c: 00007ff9929a1000-00007ff992ab7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
44627cc.2b8c: 00007ff992ab8000-00007ff992afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
44727cc.2b8c: 00007ff992aff000-00007ff992b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
44827cc.2b8c: 00007ff992b0b000-00007ff992b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
44927cc.2b8c: 00007ff992b1a000-00007ff992b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
45027cc.2b8c: 00007ff992b1b000-00007ff992b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
45127cc.2b8c: 00007ff992b1e000-00007ff992b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
45227cc.2b8c: 00007ff992b90000-00007ffffffeffff 0x0001/0x0000 0x0000000
45327cc.2b8c: VirtualBoxVM.exe: timestamp 0x5d6e3430 (rc=VINF_SUCCESS)
45427cc.2b8c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
45527cc.2b8c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
45627cc.2b8c: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
45727a0.2a6c: Log file opened: 6.0.12r133076 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
45827a0.2a6c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9929a0000 g_uNtVerCombined=0xa047ba00
45927a0.2a6c: ntdll.dll: timestamp 0xf24fc044 (rc=VINF_SUCCESS)
46027a0.2a6c: New simple heap: #1 0000000000600000 LB 0x400000 (for 2031616 allocation)
46127cc.2b8c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
46227cc.2b8c: supR3HardNtEnableThreadCreationEx:
46327a0.2a6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
46427a0.2a6c: System32: \Device\HarddiskVolume3\Windows\System32
46527a0.2a6c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
46627a0.2a6c: KnownDllPath: C:\WINDOWS\System32
46727a0.2a6c: supR3HardenedVmProcessInit: Opening vboxdrv...
46827a0.2a6c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
46927a0.2a6c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
47027a0.2a6c: Registered Dll notification callback with NTDLL.
47127a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
47227a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
47327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
47427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990700000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
47527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
47627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
47727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9927d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
47827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
47927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
48027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff64d170000 LB 0x00115000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
48127a0.2a6c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
48227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
48327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
48427a0.2a6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff992a11800 pvNtTerminateThread=00007ff992a3cb20
48527cc.2b8c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 145 ms.
48627a0.2a6c: \SystemRoot\System32\ntdll.dll:
48727a0.2a6c: CreationTime: 2019-09-11T15:06:46.480481700Z
48827a0.2a6c: LastWriteTime: 2019-09-11T15:06:46.519381400Z
48927a0.2a6c: ChangeTime: 2019-09-11T15:11:11.763337600Z
49027a0.2a6c: FileAttributes: 0x20
49127a0.2a6c: Size: 0x1e8458
49227a0.2a6c: NT Headers: 0xd8
49327a0.2a6c: Timestamp: 0xf24fc044
49427a0.2a6c: Machine: 0x8664 - amd64
49527a0.2a6c: Timestamp: 0xf24fc044
49627a0.2a6c: Image Version: 10.0
49727a0.2a6c: SizeOfImage: 0x1f0000 (2031616)
49827a0.2a6c: Resource Dir: 0x17f000 LB 0x6f310
49927a0.2a6c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
50027a0.2a6c: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
50127a0.2a6c: ProductName: Microsoft® Windows® Operating System
50227a0.2a6c: ProductVersion: 10.0.18362.356
50327a0.2a6c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
50427a0.2a6c: FileDescription: NT Layer DLL
50527a0.2a6c: \SystemRoot\System32\kernel32.dll:
50627a0.2a6c: CreationTime: 2019-09-11T15:06:30.537351000Z
50727a0.2a6c: LastWriteTime: 2019-09-11T15:06:30.554305600Z
50827a0.2a6c: ChangeTime: 2019-09-11T15:11:09.793563100Z
50927a0.2a6c: FileAttributes: 0x20
51027a0.2a6c: Size: 0xb0570
51127a0.2a6c: NT Headers: 0xe8
51227a0.2a6c: Timestamp: 0xd0cecc10
51327a0.2a6c: Machine: 0x8664 - amd64
51427a0.2a6c: Timestamp: 0xd0cecc10
51527a0.2a6c: Image Version: 10.0
51627a0.2a6c: SizeOfImage: 0xb2000 (729088)
51727a0.2a6c: Resource Dir: 0xb0000 LB 0x520
51827a0.2a6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
51927a0.2a6c: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
52027a0.2a6c: ProductName: Microsoft® Windows® Operating System
52127a0.2a6c: ProductVersion: 10.0.18362.329
52227a0.2a6c: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
52327a0.2a6c: FileDescription: Windows NT BASE API Client DLL
52427a0.2a6c: \SystemRoot\System32\KernelBase.dll:
52527a0.2a6c: CreationTime: 2019-09-11T15:06:46.941250600Z
52627a0.2a6c: LastWriteTime: 2019-09-11T15:06:46.992113700Z
52727a0.2a6c: ChangeTime: 2019-09-11T15:11:11.390799400Z
52827a0.2a6c: FileAttributes: 0x20
52927a0.2a6c: Size: 0x2a2638
53027a0.2a6c: NT Headers: 0xf0
53127a0.2a6c: Timestamp: 0x7083db20
53227a0.2a6c: Machine: 0x8664 - amd64
53327a0.2a6c: Timestamp: 0x7083db20
53427a0.2a6c: Image Version: 10.0
53527a0.2a6c: SizeOfImage: 0x2a3000 (2764800)
53627a0.2a6c: Resource Dir: 0x27d000 LB 0x548
53727a0.2a6c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
53827a0.2a6c: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
53927a0.2a6c: ProductName: Microsoft® Windows® Operating System
54027a0.2a6c: ProductVersion: 10.0.18362.356
54127a0.2a6c: FileVersion: 10.0.18362.356 (WinBuild.160101.0800)
54227a0.2a6c: FileDescription: Windows NT BASE API Client DLL
54327a0.2a6c: \SystemRoot\System32\apisetschema.dll:
54427a0.2a6c: CreationTime: 2019-03-19T04:43:54.837151500Z
54527a0.2a6c: LastWriteTime: 2019-03-19T04:43:54.837151500Z
54627a0.2a6c: ChangeTime: 2019-09-11T15:07:25.157338500Z
54727a0.2a6c: FileAttributes: 0x20
54827a0.2a6c: Size: 0x1d028
54927a0.2a6c: NT Headers: 0xc8
55027a0.2a6c: Timestamp: 0xd6ced080
55127a0.2a6c: Machine: 0x8664 - amd64
55227a0.2a6c: Timestamp: 0xd6ced080
55327a0.2a6c: Image Version: 10.0
55427a0.2a6c: SizeOfImage: 0x1e000 (122880)
55527a0.2a6c: Resource Dir: 0x1d000 LB 0x408
55627a0.2a6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
55727a0.2a6c: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
55827a0.2a6c: ProductName: Microsoft® Windows® Operating System
55927a0.2a6c: ProductVersion: 10.0.18362.1
56027a0.2a6c: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
56127a0.2a6c: FileDescription: ApiSet Schema DLL
56227a0.2a6c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
56327a0.2a6c: supR3HardenedWinFindAdversaries: 0x80
56427a0.2a6c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
56527a0.2a6c: CreationTime: 2019-09-11T15:31:40.591432800Z
56627a0.2a6c: LastWriteTime: 2019-09-11T15:31:40.591432800Z
56727a0.2a6c: ChangeTime: 2019-09-11T15:31:40.604398200Z
56827a0.2a6c: FileAttributes: 0x20
56927a0.2a6c: Size: 0x43320
57027a0.2a6c: NT Headers: 0xf8
57127a0.2a6c: Timestamp: 0x5c9e68f9
57227a0.2a6c: Machine: 0x8664 - amd64
57327a0.2a6c: Timestamp: 0x5c9e68f9
57427a0.2a6c: Image Version: 10.0
57527a0.2a6c: SizeOfImage: 0x45000 (282624)
57627a0.2a6c: Resource Dir: 0x43000 LB 0x3b8
57727a0.2a6c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
57827a0.2a6c: [Raw version resource data: 0x43060 LB 0x358, codepage 0x0 (reserved 0x0)]
57927a0.2a6c: ProductName: Malwarebytes SwissArmy
58027a0.2a6c: ProductVersion: 4.3.0.170
58127a0.2a6c: FileVersion: 4.3.0.170
58227a0.2a6c: FileDescription: Malwarebytes SwissArmy
58327a0.2a6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
58427a0.2a6c: Calling main()
58527a0.2a6c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
58627a0.2a6c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
58727a0.2a6c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
58827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
58927a0.2a6c: SUPR3HardenedMain: Final process, opening VBoxDrv...
59027a0.2a6c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
59127a0.2a6c: supR3HardNtEnableThreadCreationEx:
59227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
59327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
59427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
59527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
59627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff982d80000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
59727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
59827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
59927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
60027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982d80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
60127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
60227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
60327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982d80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
60427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982d80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
60527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
60627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
60727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
60827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
60927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
61027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
61127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
61227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
61327a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
61427a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
61527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
61627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
61727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
61827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
61927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
62027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
62127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
62227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
62327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
62427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
62527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
62627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
62727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
62827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
62927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
63027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
63127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
63227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff991ab0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
63327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
63427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f8f0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
63527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
63627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98fc50000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
63727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
63827a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
63927a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98fb00000 LB 0x00149000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
64027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
64127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9924c0000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
64227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
64327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9905d0000 LB 0x0005c000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
64427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64527a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
64627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
64727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
64827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
64927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
65027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
65127a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
65227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
65327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
65427a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
65527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
65627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
65727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
65827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
65927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
66027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9905d0000 'C:\WINDOWS\system32\Wintrust.dll'
66127a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
66227a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
66327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
66427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98fad0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
66527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
66627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fad0000 'C:\WINDOWS\system32\bcrypt.dll'
66727a0.2a6c: bcrypt.dll loaded at 00007ff98fad0000, BCryptOpenAlgorithmProvider at 00007ff98fad4c70, preloading providers:
66827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
66927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
67027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
67127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990680000 LB 0x00080000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
67227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
67327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990680000 'C:\WINDOWS\system32\bcryptprimitives.dll'
67427a0.2a6c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000b0dd90)
67527a0.2a6c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000b0eaf0)
67627a0.2a6c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000b0edf0)
67727a0.2a6c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000b0f0f0)
67827a0.2a6c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000b0f3f0)
67927a0.2a6c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000b0f6f0)
68027a0.2a6c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000b0f9f0)
68127a0.2a6c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000b10100)
68227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98fd50000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
68327a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
68427a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
68527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
68627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
68727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
68827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
68927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
69027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
69127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
69227a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98ec50000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
69427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
69527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
69627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
69727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
69827a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
69927a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f2b0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
70027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
70127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
70227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
70327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
70427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
70527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
70727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
70827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
70927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9905d0000 'C:\WINDOWS\System32\WINTRUST.DLL'
71027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
71127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
71227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\CRYPT32.dll'
71327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990b80000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
71427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
71527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
71627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
71727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
71827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
71927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
72027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
72127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
72227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
72327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9925e0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
72427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
72527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
72627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
72727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
72827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
72927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
73027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
73127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98e490000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
73227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
73327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f910000 LB 0x0001f000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
73427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
73527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
73627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
73827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
73927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
74027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
74127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
74227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
74327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
74427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
74527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
74627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
74727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
74827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
74927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
75327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
75427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
75527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
75627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
75727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff97d900000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
75827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
75927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
76127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
76227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
76427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
76527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
76727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
76827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
77027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
77127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
77327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
77427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
77627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
77727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
77927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
78127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
78327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
78527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
78727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\WINDOWS\System32\cryptnet.dll'
78827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97d900000 'C:\Windows\System32\cryptnet.dll'
79027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990ad0000 LB 0x000a3000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
79127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
79227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
79327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
79427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
79527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
79627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
79727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
79827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
79927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
80027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
80127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
80227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
80327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
80427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
80527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
80627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
80727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
80827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
80927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
81027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
81127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
81227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000b35eb0
81327a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
81427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FF0E0DB0F3B25F10A57DF1ED1D340BCBE29B8F90
81527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
81627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
81727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9924c0000 'C:\WINDOWS\System32\rpcrt4.dll'
81827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
81927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
82127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
82427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\SystemRoot\System32\ntdll.dll'
82527a0.2a6c: g_pfnWinVerifyTrust=00007ff9905d61f0
82627a0.2a6c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
82727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
82827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
82927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
83027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
83127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
83327a0.2a6c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
83427a0.2a6c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
83527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
83627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
83727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
83827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
83927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
84027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
84127a0.2a6c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
84227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
84327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
84427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
84527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
84627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
84727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
84827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
84927a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
85027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=09032EBC3D9D9BDDC0EE4A6463C043296B79FF20
85127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
85227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
85327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
85427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
85527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
85627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
85727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
85827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
85927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
86027a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
86127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
86327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
86427a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
86527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
86727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
86827a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
86927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
87027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
87127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
87227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
87327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
87427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
87527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
87627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
87727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
87827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
87927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
88027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
88227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
88327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
88427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
88527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
88627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
88727a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
88827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
88927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
89027a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
89127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
89227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
89327a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
89427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
89527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
89627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
89727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
89827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
89927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
90027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
90127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
90227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
90327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
90427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
90527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
90627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
90727a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
90827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
90927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
91027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
91127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
91227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
91327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
91427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
91527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
91627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\system32\crypt32.dll'
91727a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
91827a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
91927a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
92027a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
92127a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
92227a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
92327a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
92427a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
92527a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
92627a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
92727a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
92827a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
92927a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
93027a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
93127a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
93227a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
93327a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
93427a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
93527a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
93627a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
93727a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
93827a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
93927a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
94027a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
94127a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
94227a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
94327a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
94427a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
94527a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
94627a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
94727a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
94827a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
94927a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
95027a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
95127a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
95227a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
95327a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
95427a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
95527a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
95627a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
95727a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
95827a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
95927a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
96027a0.2a6c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
96127a0.2a6c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=44
96227a0.2a6c: SUPR3HardenedMain: Load Runtime...
96327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
96427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
96527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
96627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
96727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
96827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
96927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
97027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
97127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
97227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
97327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
97427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
97527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
97627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
97727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
97827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
97927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
98027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
98127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
98227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
98327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
98427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
98527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
98627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
98727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
98827a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
98927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
99027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
99127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
99227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
99327a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
99427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
99527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
99627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
99727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
99827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
99927a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
100027a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
100127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
100227a0.2a6c: supR3HardenedDllNotificationCallback: load 0000000054580000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
100327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
100427a0.2a6c: supR3HardenedDllNotificationCallback: load 00000000544e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
100527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
100627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff992380000 LB 0x0006f000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
100727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
100827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff947150000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
100927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
101027a0.2a6c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
101127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
101227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
101327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
101627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
101727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
101827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
101927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
102227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
102527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
102727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
102827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
103727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
103827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
104927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
105627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
105927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947150000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
106127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
106227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
106327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9905d0000 'C:\WINDOWS\system32\Wintrust.dll'
106427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
106527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
106627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
106727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
106827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
106927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
107027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\system32\crypt32.dll'
107127a0.2a6c: SUPR3HardenedMain: Load TrustedMain...
107227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
107327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
107427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
107527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
107627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
107727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
107827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
107927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
108027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
108127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
108227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
108327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
108427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
108527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
108627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
108727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
108827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
108927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
109027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
109127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
109227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
109327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
109427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
109527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
109627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
109727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
109827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
109927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
110027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
110127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
110227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
110327a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
110427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
110527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
110627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
110727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
110827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
110927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
111027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
111127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
111227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
111327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
111427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
111527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
111627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
111727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
111827a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
111927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
112027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
112127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
112227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
112327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
112427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
112527a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
112627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
112727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'bcryptprimitives.dll'.
112827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
112927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
113027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
113127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
113227a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
113327a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
113427a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
113527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
113627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
113727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
113827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
113927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
114027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
114127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
114227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
114327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
114427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'user32.dll'.
114527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
114627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
114727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
114827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
114927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
115027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
115127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
115227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
115327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
115427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
115527a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
115627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
115727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
115827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
115927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
116027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
116127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
116227a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
116327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
116427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
116527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
116627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
116727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
116827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
116927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
117027a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
117127a0.2a6c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
117227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
117327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
117427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
117527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
117627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
117727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
117827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
117927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
118027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
118127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
118227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
118327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
118427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
118527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
118627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
118727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
118827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
118927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
119027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
119127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
119227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
119327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
119427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
119527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
119627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
119727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
119827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
119927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
120027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
120127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
120227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
120327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
120427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
120527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
120627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
120727a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
120827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
120927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
121027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
121127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
121227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
121327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
121427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
121527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
121627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
121727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
121827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
121927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
122027a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
122127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
122227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
122327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
122427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
122527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
122627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
122727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
122827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
122927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
123027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
123127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
123227a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
123327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
123427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
123527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
123627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
123727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
123827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
123927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
124027a0.2a6c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
124127a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
124227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
124527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
124627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
124727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
124827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
124927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
125027a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
125127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #77 'user32.dll'.
125227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #79 'gdi32.dll'.
125327a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
125427a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
125527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
125627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
125727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
125827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
125927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
126027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
126127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
126227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
126327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
126427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
126527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
126627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
126727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
126827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
126927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
127027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
127127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
127227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
127327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
127427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
127527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
127627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
127727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
127827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
127927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
128027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
128127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
128227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
128327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
128427a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
128527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
128627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
128727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
128827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
128927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
129027a0.2a6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
129127a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
129227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
129327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
129427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
129527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
129627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
129727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
129827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
129927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
130027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
130127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
130227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
130327a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
130427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
130527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
130627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
130727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
130827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
130927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
131027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
131127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
131227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
131327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
131427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
131527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
131627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
131727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
131827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
131927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
132027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
132127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
132227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
132327a0.2a6c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
132427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
132527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
132627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
132727a0.2a6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
132827a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
132927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
133027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
133127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
133227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
133327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
133427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
133527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
133627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
133727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
133827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
133927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
134027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
134127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
134227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
134327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
134427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
134527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
134627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
134727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
134827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
134927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
135027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
135127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
135227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
135327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
135427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
135527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
135627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
135727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
135827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
135927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
136027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
136127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
136227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
136327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
136427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
136527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
136627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
136727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
136827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
136927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
137027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
137127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
137227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
137327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
137427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
137527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
137627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
137727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
137827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
137927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
138027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
138127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
138227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
138327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
138427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
138527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
138627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
138727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
138827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
138927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
139027a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
139127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
139227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
139327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
139427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
139527a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
139627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
139727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
139827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
139927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
140027a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
140127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
140227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
140327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
140427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
140527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
140627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
140727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
140827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
140927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
141027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
141127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
141227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
141327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
141427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
141527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
141627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
141727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
141827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
141927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
142027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
142127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
142227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
142327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
142427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
142527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
142627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
142727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D96AC08A370555DBA383B5B229B9D92AB1322E57
142827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
142927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
143027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
143127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
143227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
143327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
143427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
143527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
143627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
143727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
143827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
143927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
144027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
144127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
144227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
144327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
144427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
144527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
144627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
144727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
144827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
144927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
145027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
145127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
145227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
145327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
145427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
145527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
145627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
145727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0212~31bf3856ad364e35~amd64~~10.0.18362.329.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
145827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
145927a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
146027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
146127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
146227a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
146327a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
146427a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
146527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
146627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
146727a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
146827a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
146927a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
147027a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
147127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
147227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
147327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
147427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DXCore.dll)
147527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DXCore.dll
147627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9905a0000 LB 0x00021000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
147727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
147827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9909b0000 LB 0x0009e000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
147927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
148027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f930000 LB 0x00194000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
148127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
148227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
148327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
148427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
148527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
148627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
148727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff991990000 LB 0x00026000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
148827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
148927a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990d00000 LB 0x00193000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
149027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
149127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff992030000 LB 0x00336000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
149227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
149327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990630000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
149427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
149527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
149627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98e4e0000 LB 0x00020000 C:\WINDOWS\SYSTEM32\dxcore.dll [fFlags=0x0]
149727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
149827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff96e300000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
149927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
150027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff96e3e0000 LB 0x00156000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
150127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
150227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990ea0000 LB 0x000a9000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
150327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
150427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'rpcrt4.dll'.
150527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
150627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
150727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
150827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f870000 LB 0x00010000 C:\WINDOWS\System32\UMPDC.dll [fFlags=0x0]
150927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
151027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
151127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f8a0000 LB 0x0004a000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
151227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
151327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'umpdc.dll'.
151427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
151527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
151627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff991640000 LB 0x00052000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
151727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
151827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
151927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
152027a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
152127a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
152227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f880000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
152327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
152427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
152527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
152627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
152727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98fe20000 LB 0x0077e000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
152827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
152927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
153027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'rpcrt4.dll'.
153127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'profapi.dll'.
153227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
153327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
153427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990f50000 LB 0x006e5000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
153527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
153627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff990ba0000 LB 0x00156000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
153727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
153827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff97e510000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
153927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
154027a0.2a6c: supR3HardenedDllNotificationCallback: load 00000000536c0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
154127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
154227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9447c0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
154327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
154427a0.2a6c: supR3HardenedDllNotificationCallback: load 0000000053150000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
154527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [avoiding WinVerifyTrust]
154627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff992890000 LB 0x000c4000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
154727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
154827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff944dc0000 LB 0x02387000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
154927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
155027a0.2a6c: supR3HardenedDllNotificationCallback: load 0000000054460000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
155127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
155227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98d060000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
155327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
155427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98d090000 LB 0x00024000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
155527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
155627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff982bf0000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
155727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
155827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
155927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
156027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
156127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
156227a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
156327a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
156427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
156527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
156627a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
156727a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rescheduled]
156827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
156927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
157027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
157127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
157227a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
157327a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
157427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\DXCore.dll'.
157527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\DXCore.dll' [rescheduled]
157627a0.2a6c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
157727a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
157827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
157927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
158027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shell32.dll'.
158127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rescheduled]
158227a0.2a6c: Detected loader lock ownership: rc=Unknown Status 24202 (0x5e8a) '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
158327a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 24202 (was 24202) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' [rescheduled]
158427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
158527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
158627a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
158727a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
158827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
158927a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
159027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
159127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
159227a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
159327a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
159427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
159527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
159627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
159727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
159827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
159927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
160027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
160127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
160227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
160327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
160427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
160527a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
160627a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
160727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
160827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
160927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
161027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
161127a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
161227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
161327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
161427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
161527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
161627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
161927a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
162027a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
162127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
162427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
162527a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
162627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'umpdc.dll'...
162927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'umpdc.dll' -> '\Device\HarddiskVolume3\Windows\System32\umpdc.dll' [rcNtRedir=0xc0150008]
163027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [redoing WinVerifyTrust]
163127a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'.
163227a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\umpdc.dll
163327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
163427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
163527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
163627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
163727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
163827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
163927a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
164027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
164127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
164227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
164327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
164627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
164727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
164827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
164927a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
165027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
165327a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
165427a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
165527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
165627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
165727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
165827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
165927a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
166027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
166127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
166227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
166327a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
166427a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
166527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
166627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
166727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
166827a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
166927a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
167027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
167127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
167227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
167327a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
167427a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
167527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
167627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
167727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
167827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
167927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-string-l1-1-0'
168027a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
168127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
168227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-datetime-l1-1-1'
168327a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
168427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
168527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-obsolete-l1-2-0'
168627a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
168727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
168827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
168927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
169027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
169127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
169227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
169327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
169427a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
169527a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
169627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
169727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
169827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
169927a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
170027a0.2a6c: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
170127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
170227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9927a0000 LB 0x0002e000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
170327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
170427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927a0000 'C:\WINDOWS\system32\IMM32.DLL'
170527a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
170627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
170727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
170827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
170927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ad0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
171027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982bf0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
171127a0.2a6c: SUPR3HardenedMain: Calling TrustedMain (00007ff982bf16c0)...
171227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
171327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
171427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
171527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
171627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
171727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
171827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
171927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
172027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
172127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
172227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
172327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
172427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
172527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
172627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
172727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
172827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
172927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
173027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
173127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
173227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
173327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
173427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
173527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
173627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
173727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
173827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
173927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [redoing WinVerifyTrust]
174027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
174127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
174227a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shell32.dll'
174327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
174427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
174527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
174627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
174727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
174827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
174927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
175027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
175127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
175227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
175327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
175427a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
175527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
175827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
175927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
176027a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
176127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
176227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
176327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
176427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
176527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
176627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
176727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
176827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
176927a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
177027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
177127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
177227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff944310000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
177327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
177427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff944310000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
177527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
177627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
177727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
177827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71A0B41C2A2D97E6C17677503DBE8A9A21901872
177927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
178027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
178127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0415~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
178227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
178327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
178427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
178527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
178627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
178727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
178827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
178927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
179027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
179127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
179227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
179527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
179627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98d860000 LB 0x00099000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
179727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
179827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d860000 'C:\WINDOWS\system32\uxtheme.dll'
179927a0.2a6c: \Device\HarddiskVolume3\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll: Owner is administrators group.
180027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
180127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
180227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmm.dll'.
180327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
180427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
180527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll) WinVerifyTrust
180627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
180727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
180827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
180927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
181027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
181127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
181227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
181327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
181427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
181527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
181627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
181727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
181827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
181927a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
182027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
182127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
182227a0.2a6c: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x00272000 C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll [fFlags=0x0]
182327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
182427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll'
182527a0.2a6c: \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll: Owner is administrators group.
182627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
182727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
182827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
182927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
183027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
183127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
183227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
183327a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll) WinVerifyTrust
183427a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll
183527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
183627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
183727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
183827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
183927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
184027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
184127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
184227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
184327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
184427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
184527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
184627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
184727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
184827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
184927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
185027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
185127a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll
185227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff95bfc0000 LB 0x000f8000 C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll [fFlags=0x0]
185327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll
185427a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
185527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
185627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
185727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
185827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
185927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
186027a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
186127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
186227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
186327a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
186427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
186527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
186627a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
186727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
186827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
186927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95bfc0000 'C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\A-Volute.SonicStudio3DevProps2.dll'
187027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990d00000 'C:\WINDOWS\system32\user32.dll'
187127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
187227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990f50000 'C:\WINDOWS\system32\shell32.dll'
187427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
187527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
187627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
187727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
187827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
187927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\system32\SHCore.dll'
188027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
188127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
188227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
188327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
188427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\system32\winmm.dll'
188527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
188627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
188727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\system32\winmm.dll'
188827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
188927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990f50000 'C:\WINDOWS\system32\shell32.dll'
189127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
189227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d860000 'C:\WINDOWS\system32\uxtheme.dll'
189427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
189527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
189627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ad0000 'C:\WINDOWS\system32\advapi32.dll'
189727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
189827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
189927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
190027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'profapi.dll'.
190127a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
190227a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
190327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
190427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
190527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
190627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
190727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
190827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
190927a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
191027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98f790000 LB 0x00025000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
191127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
191227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98f790000 'C:\WINDOWS\system32\userenv.dll'
191327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
191427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
191527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
191627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff992680000 LB 0x000a2000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
191727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
191827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
191927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
192027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
192127a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
192227a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
192327a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192427a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192527a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
192627a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
192727a0.357c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
192827a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
192927a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
193027a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
193127a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
193227a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
193327a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
193427a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
193527a0.357c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
193627a0.357c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
193727a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
193827a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
193927a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
194027a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
194127a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
194227a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
194327a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
194427a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
194527a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
194627a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
194727a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
194827a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
194927a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
195027a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
195127a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
195227a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
195327a0.357c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
195427a0.357c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
195527a0.357c: supR3HardenedDllNotificationCallback: load 00007ff94c250000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
195627a0.357c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
195727a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c250000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
195827a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
195927a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
196027a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
196127a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
196227a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
196327a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
196427a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
196527a0.357c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
196627a0.357c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
196727a0.357c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
196827a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
196927a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
197027a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
197127a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
197227a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
197327a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
197427a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
197527a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
197627a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
197727a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
197827a0.357c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
197927a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
198027a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
198127a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
198227a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
198327a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
198427a0.357c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
198527a0.357c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
198627a0.357c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
198727a0.357c: supR3HardenedDllNotificationCallback: load 00007ff965260000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
198827a0.357c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
198927a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965260000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
199027a0.357c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
199127a0.357c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
199227a0.357c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff992890000 'C:\Windows\System32\oleaut32.dll'
199327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\system32\gdi32.dll'
199427a0.3580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
199527a0.3580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
199627a0.3580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
199727a0.3580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
199827a0.3580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
199927a0.3580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
200027a0.3580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
200127a0.3580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
200227a0.3580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
200327a0.3580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
200427a0.3580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
200527a0.3580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
200627a0.3580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
200727a0.3580: supR3HardenedDllNotificationCallback: load 00007ff982be0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
200827a0.3580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
200927a0.3580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982be0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
201027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
201127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
201227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990f50000 'C:\WINDOWS\system32\shell32.dll'
201327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
201427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
201527a0.2a6c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
201627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
201727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
201827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
201927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9929a0000 'C:\WINDOWS\System32\ntdll.dll'
202027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9916a0000 LB 0x00135000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
202127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
202227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
202327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
202427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
202527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
202627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
202727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
202827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
202927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
203027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
203127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
203227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
203327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
203627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
203727a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
203827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
204127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
204227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
204327a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000664 pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
204427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
204527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
204627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3632E0380EF7C400BBC7C4B0B9ED8D9F9860503B
204727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
204827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
204927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
205027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
205127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0410~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
205227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
205527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
205627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
205727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
205827a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
205927a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
206027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
206127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
206227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
206327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
206427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
206527a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
206627a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
206727a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
206827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
206927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
207027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
207127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
207227a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
207327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
207427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
207527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
207627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
207727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
207827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
207927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'dxgi.dll'.
208027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'win32u.dll'.
208127a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
208227a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
208327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
208427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
208527a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
208627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
208727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
208827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
208927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
209027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
209127a0.2a6c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
209227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
209327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
209427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
209527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
209627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
209727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
209827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
209927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
210027a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
210127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
210227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
210327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
210427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
210527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
210627a0.2a6c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
210727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
210827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
210927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
211027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
211127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
211227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
211327a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
211427a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
211527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
211627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
211727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98e570000 LB 0x000eb000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
211827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
211927a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98c370000 LB 0x0025b000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
212027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
212127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98ca30000 LB 0x001db000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
212227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
212327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff965a60000 LB 0x0003a000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
212427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
212527a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
212627a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
212727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
212827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
212927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
213027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff965a60000 'C:\WINDOWS\system32\dataexchange.dll'
213127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rmclient.dll'.
213227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
213327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'combase.dll'.
213427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'msvcp_win.dll'.
213527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
213627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
213727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
213827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
213927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
214027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
214127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98de40000 LB 0x00029000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
214227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
214327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98d960000 LB 0x0025a000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
214427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
214527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
214627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
214727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
214827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
214927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
215027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
215127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
215227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
215327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
215427a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
215527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
215627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
215727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
215827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
215927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
216027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
216127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
216227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
216327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
216427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
216527a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
216627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
216727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
216827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ea0000 'C:\WINDOWS\system32\Shcore.dll'
216927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990ba0000 'C:\WINDOWS\System32\ole32.dll'
217027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
217127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
217227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff992890000 'C:\WINDOWS\System32\OLEAUT32.dll'
217327a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a9c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
217427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
217527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
217627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DB1AA7E2E4704C908EC9382E1F9E64808B9E5E1D
217727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
217827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
217927a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
218027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
218127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
218227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
218327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
218427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
218527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
218627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
218727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
218827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ab4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
218927a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
219027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
219127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=22EAF38FA276D7A374D3945ACD556FA0953D3440
219227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
219327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
219427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
219527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
219627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
219727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
219827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
219927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
220027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
220127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
220227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
220327a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
220427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
220527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
220627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
220727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
220827a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
220927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
221027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
221127a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
221227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
221327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
221427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
221527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
221627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
221727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff981720000 LB 0x00084000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
221827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
221927a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9817b0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
222027a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
222127a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
222227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
222327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
222427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9817b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
222527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
222627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
222727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
222827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00C864D7F76A7AD25E7D0DA164B0B66188F5B7FF
222927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
223027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
223127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
223227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
223327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
223427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
223527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
223627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
223727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
223827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
223927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
224027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
224127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
224227a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
224327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff980090000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
224427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
224527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff980090000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
224627a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
224727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
224827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-0.dll'
224927a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
225027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
225127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
225227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b10 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
225327a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
225427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
225527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0708A64F48237CD4D5092546CE9C373F20B30CA1
225627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
225727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
225827a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package03~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
225927a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
226027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
226127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
226227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
226327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
226427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
226527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
226627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
226727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
226827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
226927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
227027a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
227127a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9800b0000 LB 0x00101000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
227227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
227327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9800b0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
227427a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
227527a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
227627a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
227727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5D4D58A583ACAD5AA76D7DD0F2DB8ADE903942B
227827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
227927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
228027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
228127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
228227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
228327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
228427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
228527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
228627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
228727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
228827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume3\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
228927a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
229027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
229127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
229227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
229327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
229427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
229527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
229627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff97c070000 LB 0x00015000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
229727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
229827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c070000 'C:\WINDOWS\System32\amsi.dll'
229927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
230027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
230127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
230227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
230327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
230427a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
230527a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MpOAV.dll) WinVerifyTrust
230627a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MpOAV.dll
230727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
230827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
230927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
231027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
231127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
231227a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
231327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
231627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MpOAV.dll
231727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff97c020000 LB 0x00022000 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpOav.dll [fFlags=0x0]
231827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MpOAV.dll
231927a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
232027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
232127a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\version.dll)
232227a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\version.dll
232327a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
232427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
232527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
232627a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
232727a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98ad80000 LB 0x0000a000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
232827a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [avoiding WinVerifyTrust]
232927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ad80000 'C:\WINDOWS\system32\version.dll'
233027a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\version.dll'.
233127a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\version.dll' [rescheduled]
233227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c020000 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpOav.dll'
233327a0.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
233427a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
233527a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
233627a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
233727a0.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
233827a0.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
233927a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
234027a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
234127a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
234227a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
234327a0.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
234427a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
234527a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
234627a0.2a50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
234727a0.2a50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
234827a0.2a50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
234927a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
235027a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
235127a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
235227a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
235327a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
235427a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
235527a0.2a50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
235627a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
235727a0.2a50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
235827a0.2a50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
235927a0.2a50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
236027a0.2a50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
236127a0.2a50: supR3HardenedDllNotificationCallback: load 0000000053040000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
236227a0.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
236327a0.2a50: supR3HardenedDllNotificationCallback: load 00007ff982770000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
236427a0.2a50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
236527a0.2a50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
236627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
236727a0.2b0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
236827a0.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
236927a0.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
237027a0.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
237127a0.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
237227a0.2b0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
237327a0.2b0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
237427a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
237527a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
237627a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
237727a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
237827a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
237927a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
238027a0.2b0c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
238127a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
238227a0.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
238327a0.2b0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
238427a0.2b0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
238527a0.2b0c: supR3HardenedDllNotificationCallback: load 00007ff982bd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
238627a0.2b0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
238727a0.2b0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
238827a0.2b0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990d00000 'C:\WINDOWS\system32\User32.dll'
238927a0.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
239027a0.1668: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
239127a0.1668: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
239227a0.1668: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
239327a0.1668: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
239427a0.1668: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
239527a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
239627a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
239727a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
239827a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
239927a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
240027a0.1668: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
240127a0.1668: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
240227a0.1668: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
240327a0.1668: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
240427a0.1668: supR3HardenedDllNotificationCallback: load 00007ff982bc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
240527a0.1668: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
240627a0.1668: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
240727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990f50000 'C:\WINDOWS\system32\Shell32.dll'
240827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
240927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
241027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
241127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
241227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
241327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
241427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
241527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
241627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
241727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
241827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
241927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
242027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
242127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
242227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
242327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
242427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
242527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
242627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
242727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
242827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
242927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
243027a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
243127a0.402c: supR3HardenedDllNotificationCallback: load 00007ff982b70000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
243227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
243327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982b70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
243427a0.402c: supR3HardenedDllNotificationCallback: Unload 00007ff982b70000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
243527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
243627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
243727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
243827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
243927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
244027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
244127a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
244227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
244327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
244427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
244527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
244627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
244727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
244827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
244927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
245027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
245127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
245227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
245327a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
245427a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
245527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
245627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
245727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
245827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
245927a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
246027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
246127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
246227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
246327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
246427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
246527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
246627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'cfgmgr32.dll'.
246727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
246827a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
246927a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
247027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
247127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
247227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
247327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
247427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
247527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
247627a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
247727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
247827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
247927a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
248027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
248127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
248227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
248327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
248427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
248527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
248627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
248727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
248827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
248927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
249027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
249127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
249227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
249327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
249427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
249527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
249627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
249727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
249827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
249927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
250027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
250127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
250227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
250327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
250427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
250527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
250627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
250727a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
250827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
250927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
251027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
251127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
251227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
251327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
251427a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
251527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
251627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
251727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
251827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
251927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
252027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
252127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
252227a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
252327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
252427a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
252527a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
252627a0.402c: supR3HardenedDllNotificationCallback: load 00007ff991b50000 LB 0x00470000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
252727a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
252827a0.402c: supR3HardenedDllNotificationCallback: load 00007ff94c1e0000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
252927a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
253027a0.402c: supR3HardenedDllNotificationCallback: load 00007ff982b60000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
253127a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
253227a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98edf0000 LB 0x0003a000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
253327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
253427a0.402c: supR3HardenedDllNotificationCallback: load 00007ff925110000 LB 0x009d9000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
253527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
253627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff925110000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
253727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
253827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
253927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
254027a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
254127a0.402c: supR3HardenedDllNotificationCallback: load 00007ff982b10000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
254227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
254327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982b10000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
254427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
254527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
254627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
254727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94c250000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
254827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
254927a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
255027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982b60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
255227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
255327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
255427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
255527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
255627a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
255727a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
255827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
255927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
256027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
256127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
256227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
256327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
256427a0.402c: supR3HardenedDllNotificationCallback: load 00007ff982750000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
256527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
256627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982750000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
256727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
256827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
256927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
257027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
257127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
257227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
257327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
257427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
257527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
257627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
257727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
257827a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
257927a0.402c: supR3HardenedDllNotificationCallback: load 00007ff981fa0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
258027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
258127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff981fa0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
258227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
258327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
258427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
258527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
258627a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
258727a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
258827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
258927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
259027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
259127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
259227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
259327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
259427a0.402c: supR3HardenedDllNotificationCallback: load 00007ff981f80000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
259527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
259627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff981f80000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
259727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
259827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
259927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
260027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
260127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
260227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
260327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
260427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
260527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
260627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
260727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
260827a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
260927a0.402c: supR3HardenedDllNotificationCallback: load 00007ff981f60000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
261027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
261127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff981f60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
261227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
261327a0.12c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
261427a0.12c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
261527a0.12c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
261627a0.12c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
261727a0.12c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
261827a0.12c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
261927a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
262027a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
262127a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
262227a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
262327a0.12c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
262427a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
262527a0.12c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
262627a0.12c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
262727a0.12c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
262827a0.12c4: supR3HardenedDllNotificationCallback: load 00007ff981f40000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
262927a0.12c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
263027a0.12c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff981f40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
263127a0.580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
263227a0.580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
263327a0.580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
263427a0.580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
263527a0.580: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
263627a0.580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
263727a0.580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
263827a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
263927a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
264027a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
264127a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
264227a0.580: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
264327a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
264427a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
264527a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
264627a0.580: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
264727a0.580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
264827a0.580: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
264927a0.580: supR3HardenedDllNotificationCallback: load 00007ff982740000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
265027a0.580: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
265127a0.580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982740000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
265227a0.3228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
265327a0.3228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
265427a0.3228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
265527a0.3228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
265627a0.3228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
265727a0.3228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
265827a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
265927a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
266027a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
266127a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
266227a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
266327a0.3228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
266427a0.3228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
266527a0.3228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
266627a0.3228: supR3HardenedDllNotificationCallback: load 00007ff981f30000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
266727a0.3228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
266827a0.3228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff981f30000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
266927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
267027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
267127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
267227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
267327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
267427a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
267527a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
267627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
267727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
267827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
267927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
268027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268127a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
268227a0.402c: supR3HardenedDllNotificationCallback: load 00007ff97e490000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
268327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
268427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97e490000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
268527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
268627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
268727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98edf0000 'C:\WINDOWS\system32\Iphlpapi.dll'
268827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
268927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
269027a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
269127a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
269227a0.402c: supR3HardenedDllNotificationCallback: load 00007ff992370000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
269327a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
269427a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
269527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff988ad0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
269627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
269727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
269827a0.402c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
269927a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
270027a0.402c: supR3HardenedDllNotificationCallback: load 00007ff988a40000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
270127a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
270227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
270327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
270427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
270527a0.402c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
270627a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
270727a0.402c: supR3HardenedDllNotificationCallback: load 00007ff988e30000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
270827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
270927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
271027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
271127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
271227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
271327a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98ee30000 LB 0x000ca000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
271427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
271527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
271627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
271727a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
271827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
271927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
272027a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
272127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
272227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
272327a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
272427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
272527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
272627a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
272727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
272827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
272927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
273027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
273127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
273227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
273327a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
273427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
273527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
273627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
273727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
273827a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
273927a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f64 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
274027a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
274127a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
274227a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ABBE12EE7925737522BCF905613B49C6CAA0BE8C
274327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
274427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
274527a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
274627a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
274727a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
274827a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
274927a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
275027a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
275127a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62657CFC96994F71846A6491CB0A48C51E4DCEBA
275227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
275327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
275427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
275527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
275627a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
275727a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
275827a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
275927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
276027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
276127a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
276227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
276327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
276427a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
276527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
276627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
276727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
276827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
276927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
277027a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
277127a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
277227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
277327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
277427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
277527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
277627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
277727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
277827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
277927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
278027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
278127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
278227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
278327a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
278427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
278527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
278627a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
278727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
278827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
278927a0.402c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
279027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
279127a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
279227a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
279327a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98f670000 LB 0x0002a000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
279427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
279527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff989c30000 LB 0x00078000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
279627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
279727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff989c30000 'C:\WINDOWS\System32\MMDevApi.dll'
279827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
279927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevAPI.dll (Input=MMDevAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
280027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff989c30000 'C:\WINDOWS\System32\MMDevAPI.dll'
280127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
280227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
280327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
280427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
280527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
280627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
280727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
280827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
280927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
281027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
281127a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
281227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
281327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
281427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
281527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
281627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
281727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
281827a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
281927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AudioSes.dll (Input=AudioSes.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
282027a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
282127a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
282227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
282327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
282427a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
282527a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
282627a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98a900000 LB 0x00153000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
282727a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
282827a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98a730000 LB 0x0015d000 C:\WINDOWS\System32\AudioSes.dll [fFlags=0x0]
282927a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
283027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98a730000 'C:\WINDOWS\System32\AudioSes.dll'
283127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
283227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
283327a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
283427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
283527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
283627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
283727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
283827a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
283927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
284027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
284127a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
284227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
284327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
284427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff989c30000 'C:\WINDOWS\System32\MMDevApi.dll'
284527a0.402c: \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll: Owner is administrators group.
284627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
284727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
284827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
284927a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll) WinVerifyTrust
285027a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll
285127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
285227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
285327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
285427a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll
285527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff95de60000 LB 0x00020000 C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll [fFlags=0x0]
285627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll
285727a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
285827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
285927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
286027a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
286127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
286227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
286327a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
286427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
286527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
286627a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
286727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
286827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
286927a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
287027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
287127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
287227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff95de60000 'C:\ProgramData\A-Volute\A-Volute.SonicStudio3\Modules\ScheduledModules\x64\ProductInfo.dll'
287327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
287427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
287527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
287627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'rpcrt4.dll'.
287727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
287827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
287927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
288027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
288127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
288227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
288327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PropSys.dll (Input=PropSys.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
288427a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
288527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98d500000 LB 0x000ef000 C:\WINDOWS\System32\PropSys.dll [fFlags=0x0]
288627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
288727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d500000 'C:\WINDOWS\System32\PropSys.dll'
288827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
288927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
289027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff989c30000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
289127a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000108c pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
289227a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
289327a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
289427a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8184043CF3F3DF1E3CF96E74DBBF7D0836417373
289527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
289627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
289727a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
289827a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
289927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
290027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
290127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
290227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
290327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
290427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
290527a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
290627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
290727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
290827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
290927a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
291027a0.402c: supR3HardenedDllNotificationCallback: load 00007ff947870000 LB 0x00099000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
291127a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
291227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
291327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
291427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947870000 'C:\WINDOWS\System32\dsound.dll'
291527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947870000 'C:\WINDOWS\System32\dsound.dll'
291627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
291727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
291827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947870000 'C:\WINDOWS\system32\dsound.dll'
291927a0.3584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
292027a0.3584: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292127a0.3584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98a730000 'C:\WINDOWS\System32\AUDIOSES.DLL'
292227a0.3584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
292327a0.3584: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AudioSes.dll (Input=AudioSes.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292427a0.3584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98a730000 'C:\WINDOWS\System32\AudioSes.dll'
292527a0.3584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
292627a0.3584: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AudioSes.dll (Input=AudioSes.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
292727a0.3584: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98a730000 'C:\WINDOWS\System32\AudioSes.dll'
292827a0.3584: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
292927a0.3584: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
293027a0.3584: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
293127a0.3584: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
293227a0.3584: supR3HardenedDllNotificationCallback: load 00007ff98dbc0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
293327a0.3584: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
293427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
293527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
293627a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
293727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
293827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
293927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
294027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
294127a0.402c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
294227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
294327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
294427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
294527a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d8c pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
294627a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
294727a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
294827a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38EA8D6D625C6A0A9075DAE17FD33652FF8FC23A
294927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
295027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
295127a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
295227a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
295327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
295427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
295527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
295627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
295727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
295827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
295927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
296027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
296127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
296227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
296327a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
296427a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
296527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
296627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
296727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
296827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
296927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
297027a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
297127a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
297227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
297327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
297427a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
297527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
297627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
297727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
297827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
297927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
298027a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
298127a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
298227a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
298327a0.402c: supR3HardenedDllNotificationCallback: load 00007ff986190000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
298427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
298527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98ae20000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
298627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
298727a0.402c: supR3HardenedDllNotificationCallback: load 00007ff97c1a0000 LB 0x00044000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
298827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
298927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
299027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
299127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
299227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
299327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
299427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
299527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
299627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
299727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
299827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
299927a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
300027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
300127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
300227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
300327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
300427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
300527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
300627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
300727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
300827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
300927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
301027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
301127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff97c1a0000 'C:\WINDOWS\System32\wdmaud.drv'
301227a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000115c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
301327a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
301427a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
301527a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=763C5E89A8DA653902990733D245B99CC7C40BEA
301627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
301727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
301827a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
301927a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
302027a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
302127a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
302227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
302327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
302427a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
302527a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
302627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
302727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
302827a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
302927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
303027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
303127a0.402c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
303227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
303327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
303427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
303527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
303627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
303727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
303827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
303927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
304027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
304127a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
304227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
304327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
304427a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
304527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
304627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
304727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
304827a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
304927a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
305027a0.402c: supR3HardenedDllNotificationCallback: load 00007ff97c180000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
305127a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
305227a0.402c: supR3HardenedDllNotificationCallback: load 00007ff986180000 LB 0x0000d000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
305327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
305427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
305527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
305627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
305727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
305827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
305927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
306027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
306127a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
306227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
306327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
306427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
306527a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
306627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
306727a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
306827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
306927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
307027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
307127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
307227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
307327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
307427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
307527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986180000 'C:\WINDOWS\System32\msacm32.drv'
307627a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000118c pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
307727a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
307827a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
307927a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB34EC166C3F780657AB67E557E6C2E60C398D10
308027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
308127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
308227a0.402c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.295.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
308327a0.402c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
308427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
308527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
308627a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
308727a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
308827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
308927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
309027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
309127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
309227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
309327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
309427a0.402c: supR3HardenedDllNotificationCallback: load 00007ff986170000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
309527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
309627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986170000 'C:\WINDOWS\System32\midimap.dll'
309727a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
309827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
309927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986170000 'C:\WINDOWS\System32\midimap.dll'
310027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
310127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
310227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986170000 'C:\WINDOWS\System32\midimap.dll'
310327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
310427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
310527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff986170000 'C:\WINDOWS\System32\midimap.dll'
310627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
310727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
310827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
310927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
311327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
311427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
311927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
312627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
312727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
312827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff947870000 'C:\WINDOWS\system32\dsound.dll'
312927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
313427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
313527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d090000 'C:\WINDOWS\System32\winmm.dll'
313927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff982770000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
314027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
314127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
314227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
314327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
314427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
314527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
314627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
314727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d9.dll) WinVerifyTrust
314827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d9.dll
314927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
315027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
315127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
315227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
315327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
315427a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
315527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
315627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
315727a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
315827a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
315927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
316027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
316127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
316227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
316327a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
316427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
316527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
316627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
316727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
316827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
316927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
317027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
317127a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
317227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
317327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
317427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
317527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
317627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
317727a0.402c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
317827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
317927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
318027a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
318127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
318227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
318327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
318427a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
318527a0.402c: supR3HardenedDllNotificationCallback: load 00007ff98d930000 LB 0x0002d000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
318627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
318727a0.402c: supR3HardenedDllNotificationCallback: load 00007ff987b80000 LB 0x001c7000 C:\WINDOWS\system32\d3d9.dll [fFlags=0x0]
318827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
318927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
319027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
319127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
319227a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
319327a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
319427a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll) WinVerifyTrust
319527a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
319627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
319727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
319827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
319927a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
320027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
320127a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
320227a0.402c: supR3HardenedDllNotificationCallback: load 00007ff952950000 LB 0x001cd000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll [fFlags=0x0]
320327a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
320427a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
320527a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
320627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
320727a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
320827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
320927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
321027a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
321127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
321227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
321327a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
321427a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
321527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
321627a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
321727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
321827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
321927a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
322027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
322127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
322227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
322327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
322427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
322527a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'igdgmm64.dll'.
322627a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
322727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
322827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
322927a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll) WinVerifyTrust
323027a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
323127a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
323227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
323327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
323427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
323527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
323627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
323727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igdgmm64.dll'...
323827a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'igdgmm64.dll' -> '\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll' [rcNtRedir=0xc0150008]
323927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
324027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
324127a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll) WinVerifyTrust
324227a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
324327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324427a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
324527a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
324627a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
324727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
324827a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
324927a0.402c: supR3HardenedDllNotificationCallback: load 00007ff985e80000 LB 0x00120000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll [fFlags=0x0]
325027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
325127a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
325227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
325327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
325427a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
325527a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
325627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
325727a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
325827a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
325927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
326027a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
326127a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
326227a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
326327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
326427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
326527a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
326627a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
326727a0.402c: supR3HardenedDllNotificationCallback: load 00007ff91eda0000 LB 0x03c11000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll [fFlags=0x0]
326827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
326927a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
327027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
327127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
327227a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
327327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
327427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
327527a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
327627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
327727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
327827a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
327927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
328027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
328127a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
328227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
328327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
328427a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
328527a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
328627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
328727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
328827a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
328927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
329027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
329127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
329227a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll
329327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
329427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9929a0000 'C:\WINDOWS\System32\ntdll.dll'
329527a0.402c: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll: Owner is administrators group.
329627a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
329727a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
329827a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
329927a0.402c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
330027a0.402c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll) WinVerifyTrust
330127a0.402c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
330227a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
330327a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
330427a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
330527a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
330627a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
330727a0.402c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume3\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
330827a0.402c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll [redoing WinVerifyTrust]
330927a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
331027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
331127a0.402c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\version.dll'
331227a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
331327a0.402c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
331427a0.402c: supR3HardenedDllNotificationCallback: load 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [fFlags=0x0]
331527a0.402c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
331627a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
331727a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
331827a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
331927a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
332027a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
332127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
332227a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
332327a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
332427a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
332527a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
332627a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
332727a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
332827a0.402c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
332927a0.402c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
333027a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
333127a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9818a0000 'C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll'
333227a0.2c6c: supR3HardenedDllNotificationCallback: Unload 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [flags=0x0]
333327a0.402c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
333427a0.21f4: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
333527a0.21f4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
333627a0.21f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
333727a0.21f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001218 (hFile=00000000000012ac) with 0xc0000022 -> STATUS_TRUST_FAILURE
333827a0.21f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
333927a0.21f4: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000012ac (hFile=0000000000001218) with 0xc0000022 -> STATUS_TRUST_FAILURE
334027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012bc pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
334127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000b35eb0
334227a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000b35eb0
334327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
334427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
334527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9905d0000 'C:\WINDOWS\System32\WINTRUST.DLL'
334627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\CRYPT32.dll'
334727a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA82E87EA0AFDE233574365E30C7D65CC7127390
334827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
334927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
335027a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.356.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
335127a0.2a6c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
335227a0.2a6c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
335327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
335427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
335527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d930000 'C:\WINDOWS\system32\dwmapi.dll'
335627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
335727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\opengl32.dll (Input=opengl32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
335827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\opengl32.dll'
335927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
336027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
336127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
336227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
336327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
336427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
336527a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
336627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [fFlags=0x0]
336727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
336827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
336927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
337027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
337127a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
337227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
337327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
337427a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
337527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
337627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
337727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
337827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
337927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
338027a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
338127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
338227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
338327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9818a0000 'C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll'
338427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
338527a0.12c8: supR3HardenedDllNotificationCallback: Unload 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [flags=0x0]
338627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
338727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
338827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
338927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
339027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
339127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
339227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll) WinVerifyTrust
339327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll
339427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
339527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
339627a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
339727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
339827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
339927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
340027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
340127a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
340227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
340327a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll
340427a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff91dd90000 LB 0x01004000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll [fFlags=0x0]
340527a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll
340627a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
340727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
340827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
340927a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
341027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
341127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
341227a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
341327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
341427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
341527a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
341627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
341727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
341827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
341927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
342127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
342227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
342427a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
342527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-string-l1-1-0'
342727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
342827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
342927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-datetime-l1-1-1'
343027a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
343127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
343227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-obsolete-l1-2-0'
343327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
343427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OpenGL32.dll (Input=OpenGL32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
343527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OpenGL32.dll'
343627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990d00000 'C:\WINDOWS\System32\User32.dll'
343727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
343827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
343927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98d930000 'C:\WINDOWS\System32\dwmapi.dll'
344027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\Gdi32.dll'
344127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [redoing WinVerifyTrust]
344227a0.2a6c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
344327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\dxgi.dll
344427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dxgi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
344527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98e570000 'C:\WINDOWS\system32\dxgi.dll'
344627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91dd90000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll'
344727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
344827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
344927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
345027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98dbc0000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
345127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
345227a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
345327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
345427a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
345527a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [fFlags=0x0]
345627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll
345727a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
345827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
345927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
346027a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
346127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
346327a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
346427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
346627a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
346727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
346827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
346927a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
347027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
347127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
347227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9818a0000 'C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll'
347327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff991990000 'C:\WINDOWS\System32\gdi32.dll'
347427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
347527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
347627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
347727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
347827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
347927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
348027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
348127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\version.dll
348227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
348327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ad80000 'C:\WINDOWS\System32\version.dll'
348427a0.278c: supR3HardenedDllNotificationCallback: Unload 00007ff9818a0000 LB 0x00032000 C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_ca82942d5c881493\nvdlistx.dll [flags=0x0]
348527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files\Oracle\VirtualBox\igc64.dll': 0 (NtPath=\??\C:\Program Files\Oracle\VirtualBox\igc64.dll; Input=C:\Program Files\Oracle\VirtualBox\igc64.dll; rcNtGetDll=0x0
348627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Program Files\Oracle\VirtualBox\igc64.dll'
348727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
348827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
348927a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shell32.dll'.
349027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
349127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
349227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll) WinVerifyTrust
349327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
349427a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
349527a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
349627a0.2a6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
349727a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
349827a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
349927a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
350027a0.2a6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
350127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
350227a0.2a6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
350327a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff983b20000 LB 0x02360000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll [fFlags=0x0]
350427a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
350527a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
350627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
350727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
350827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
350927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
351027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
351127a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
351227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
351327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
351427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
351527a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
351627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
351727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-string-l1-1-0'
351827a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
351927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
352027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-datetime-l1-1-1'
352127a0.2a6c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
352227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
352327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-obsolete-l1-2-0'
352427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
352527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
352627a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll
352727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
352827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91dd90000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\ig9icd64.dll'
352927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
353227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
353327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
353927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
354927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
355027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
355127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
355927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
356927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
357927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
358427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
358527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
358927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
359927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360727a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
360927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361027a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361127a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361227a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361327a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361427a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361527a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361627a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff96e3e0000 'C:\WINDOWS\System32\OPENGL32.dll'
361727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
361827a0.2a6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
361927a0.2a6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9916a0000 'C:\WINDOWS\System32\MSCTF.dll'
362027a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
362127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
362227a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'coreuicomponents.dll'.
362327a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coremessaging.dll'.
362427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
362527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
362627a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
362727a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
362827a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'shcore.dll'.
362927a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
363027a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
363127a0.2a6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
363227a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
363327a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
363427a0.2a6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
363527a0.2a6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
363627a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98e9e0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
363727a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
363827a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff98cc10000 LB 0x000d4000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
363927a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
364027a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff989ce0000 LB 0x0032a000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
364127a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
364227a0.2a6c: supR3HardenedDllNotificationCallback: load 00007ff973f30000 LB 0x0009e000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
364327a0.2a6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
364427a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
364527a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
364627a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
364727a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
364827a0.21f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
364927a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
365027a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
365127a0.21f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
365227a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
365327a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
365427a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
365527a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
365627a0.21f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
365727a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
365827a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
365927a0.21f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
366027a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
366127a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
366227a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
366327a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
366427a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
366527a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
366627a0.21f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
366727a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
366827a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
366927a0.21f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
367027a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
367127a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
367227a0.21f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
367327a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
367427a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
367527a0.21f4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
367627a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
367727a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
367827a0.21f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
367927a0.21f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
368027a0.21f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
368127a0.21f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
368227a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
368327a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
368427a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
368527a0.21f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
368627a0.21f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
368727a0.21f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
368827a0.21f4: supR3HardenedDllNotificationCallback: load 00007ff98f0e0000 LB 0x00067000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
368927a0.21f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
369027a0.21f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98f0e0000 'C:\WINDOWS\system32\mswsock.dll'
369127a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
369227a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
369327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
369427a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
369527a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
369627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
369727a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
369827a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
369927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
370027a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
370127a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
370227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
370327a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
370427a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
370527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
370627a0.3b20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
370727a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
370827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98dbc0000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
370927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
371027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
371127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
371227a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
371327a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
371427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
371527a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
371627a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
371727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
371827a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
371927a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
372127a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
372227a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
372327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
372427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98ec50000 'C:\WINDOWS\system32\rsaenh.dll'
372527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff98fb00000 'C:\WINDOWS\System32\crypt32.dll'
372627a0.3b20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
372727a0.3b20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll) WinVerifyTrust
372827a0.3b20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll
372927a0.3b20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
373027a0.3b20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
373127a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
373227a0.3b20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll
373327a0.3b20: supR3HardenedDllNotificationCallback: load 00007ff94b0d0000 LB 0x00021000 C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll [fFlags=0x0]
373427a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll
373527a0.3b20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
373627a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
373727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-synch-l1-2-0'
373827a0.3b20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
373927a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
374027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-fibers-l1-1-1'
374127a0.3b20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
374227a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
374327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff990700000 'api-ms-win-core-localization-l1-2-1'
374427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'C:\WINDOWS\System32\kernel32.dll'
374527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff94b0d0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdinfo64.dll'
374627a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
374727a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
374827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
374927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
375027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
375127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
375227a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
375327a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
375427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
375527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
375627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
375727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
375827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
375927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
376027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
376127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
376227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
376327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
376427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
376527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
376627a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
376727a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
376827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
376927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
377027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
377127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
377227a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
377327a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
377427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
377527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
377627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
377727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
377827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
377927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
378027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
378127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
378227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
378327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
378427a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
378527a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
378627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
378727a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
378827a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
378927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
379027a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
379127a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
379227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
379327a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
379427a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
379527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
379627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
379727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
379827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
379927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
380027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
380127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
380227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
380327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
380427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
380527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
380627a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
380727a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
380827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
380927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
381027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
381127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
381227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
381327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
381427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
381527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
381627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
381727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
381827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
381927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
382027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
382127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
382227a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
382327a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
382427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
382527a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
382627a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
382727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
382827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
382927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
383027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
383127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
383227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
383327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
383427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
383527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
383627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
383727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
383827a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll
383927a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
384027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
384127a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d9.dll
384227a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\d3d9.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
384327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
384427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
384527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
384627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
384727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
384827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
384927a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll
385027a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
385127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
385227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
385327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
385427a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll
385527a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
385627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
385727a0.3b20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll
385827a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
385927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
386027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
386127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
386227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
386327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
386427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
386527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
386627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
386727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
386827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
386927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
387027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
387127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
387227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
387327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
387427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
387527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
387627a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
387727a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
387827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
387927a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff952950000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdumdim64.dll'
388027a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
388127a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
388227a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91eda0000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igd9dxva64.dll'
388327a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff985e80000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igdgmm64.dll'
388427a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff983b20000 'C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_8dc03618ea16fa9b\igc64.dll'
388527a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff987b80000 'C:\WINDOWS\system32\d3d9.dll'
388627a0.3b20: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
388727a0.3b20: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
388827a0.3b20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9927d0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
388927cc.2b8c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc000001d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 377470 ms, the end);
38904574.6b8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc000001d (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 378232 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy