API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Apr 6th, 2025
52
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 471.21 KB | None | 0 0
raw download clone embed print report
  1. 2534.14dc: \SystemRoot\System32\ntdll.dll:
  2. 2534.14dc: CreationTime: 2025-03-12T17:32:50.955934500Z
  3. 2534.14dc: LastWriteTime: 2025-03-12T17:32:51.017206900Z
  4. 2534.14dc: ChangeTime: 2025-03-13T22:19:28.355125000Z
  5. 2534.14dc: FileAttributes: 0x20
  6. 2534.14dc: Size: 0x216038
  7. 2534.14dc: NT Headers: 0xe8
  8. 2534.14dc: Timestamp: 0x36d7bcf8
  9. 2534.14dc: Machine: 0x8664 - amd64
  10. 2534.14dc: Timestamp: 0x36d7bcf8
  11. 2534.14dc: Image Version: 10.0
  12. 2534.14dc: SizeOfImage: 0x217000 (2191360)
  13. 2534.14dc: Resource Dir: 0x1a0000 LB 0x759a8
  14. 2534.14dc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  15. 2534.14dc: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  16. 2534.14dc: ProductName: Microsoft® Windows® Operating System
  17. 2534.14dc: ProductVersion: 10.0.22621.4974
  18. 2534.14dc: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  19. 2534.14dc: FileDescription: NT Layer DLL
  20. 2534.14dc: \SystemRoot\System32\kernel32.dll:
  21. 2534.14dc: CreationTime: 2025-03-12T17:32:50.494392400Z
  22. 2534.14dc: LastWriteTime: 2025-03-12T17:32:50.522189500Z
  23. 2534.14dc: ChangeTime: 2025-03-13T22:20:04.067768600Z
  24. 2534.14dc: FileAttributes: 0x20
  25. 2534.14dc: Size: 0xc7188
  26. 2534.14dc: NT Headers: 0xe8
  27. 2534.14dc: Timestamp: 0x8c0b1418
  28. 2534.14dc: Machine: 0x8664 - amd64
  29. 2534.14dc: Timestamp: 0x8c0b1418
  30. 2534.14dc: Image Version: 10.0
  31. 2534.14dc: SizeOfImage: 0xc4000 (802816)
  32. 2534.14dc: Resource Dir: 0xc2000 LB 0x520
  33. 2534.14dc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  34. 2534.14dc: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  35. 2534.14dc: ProductName: Microsoft® Windows® Operating System
  36. 2534.14dc: ProductVersion: 10.0.22621.4974
  37. 2534.14dc: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  38. 2534.14dc: FileDescription: Windows NT BASE API Client DLL
  39. 2534.14dc: \SystemRoot\System32\KernelBase.dll:
  40. 2534.14dc: CreationTime: 2025-03-12T17:32:51.859758200Z
  41. 2534.14dc: LastWriteTime: 2025-03-12T17:32:52.063051800Z
  42. 2534.14dc: ChangeTime: 2025-03-13T22:20:04.207799700Z
  43. 2534.14dc: FileAttributes: 0x20
  44. 2534.14dc: Size: 0x3d7f18
  45. 2534.14dc: NT Headers: 0xf8
  46. 2534.14dc: Timestamp: 0xa29a3610
  47. 2534.14dc: Machine: 0x8664 - amd64
  48. 2534.14dc: Timestamp: 0xa29a3610
  49. 2534.14dc: Image Version: 10.0
  50. 2534.14dc: SizeOfImage: 0x3d1000 (4001792)
  51. 2534.14dc: Resource Dir: 0x3a0000 LB 0x548
  52. 2534.14dc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  53. 2534.14dc: [Raw version resource data: 0x3a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  54. 2534.14dc: ProductName: Microsoft® Windows® Operating System
  55. 2534.14dc: ProductVersion: 10.0.22621.5037
  56. 2534.14dc: FileVersion: 10.0.22621.5037 (WinBuild.160101.0800)
  57. 2534.14dc: FileDescription: Windows NT BASE API Client DLL
  58. 2534.14dc: \SystemRoot\System32\apisetschema.dll:
  59. 2534.14dc: CreationTime: 2024-08-18T12:47:44.848835500Z
  60. 2534.14dc: LastWriteTime: 2024-08-18T12:47:44.854356200Z
  61. 2534.14dc: ChangeTime: 2025-03-12T17:34:36.442764200Z
  62. 2534.14dc: FileAttributes: 0x20
  63. 2534.14dc: Size: 0x245e0
  64. 2534.14dc: NT Headers: 0xc8
  65. 2534.14dc: Timestamp: 0x8f476251
  66. 2534.14dc: Machine: 0x8664 - amd64
  67. 2534.14dc: Timestamp: 0x8f476251
  68. 2534.14dc: Image Version: 10.0
  69. 2534.14dc: SizeOfImage: 0x23000 (143360)
  70. 2534.14dc: Resource Dir: 0x22000 LB 0x408
  71. 2534.14dc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  72. 2534.14dc: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  73. 2534.14dc: ProductName: Microsoft® Windows® Operating System
  74. 2534.14dc: ProductVersion: 10.0.22621.3958
  75. 2534.14dc: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
  76. 2534.14dc: FileDescription: ApiSet Schema DLL
  77. 2534.14dc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  78. 2534.14dc: supR3HardenedWinFindAdversaries: 0x0
  79. 2534.14dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  80. 2534.14dc: Calling main()
  81. 2534.14dc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  82. 2534.14dc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  83. 2534.14dc: SUPR3HardenedMain: Respawn #1
  84. 2534.14dc: System32: \Device\HarddiskVolume5\Windows\System32
  85. 2534.14dc: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  86. 2534.14dc: KnownDllPath: C:\Windows\System32
  87. 2534.14dc: supR3HardenedWinInit: Performing a limited self purification...
  88. 2534.14dc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
  89. 2534.14dc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  90. 2534.14dc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  91. 2534.14dc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
  92. 2534.14dc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
  93. 2534.14dc: 000000007ffea000-000000ace888ffff 0x0001/0x0000 0x0000000
  94. 2534.14dc: *000000ace8890000-000000ace8948fff 0x0000/0x0004 0x0020000
  95. 2534.14dc: 000000ace8949000-000000ace894bfff 0x0104/0x0004 0x0020000
  96. 2534.14dc: 000000ace894c000-000000ace898ffff 0x0004/0x0004 0x0020000
  97. 2534.14dc: 000000ace8990000-000000ace89fffff 0x0001/0x0000 0x0000000
  98. 2534.14dc: *000000ace8a00000-000000ace8a47fff 0x0000/0x0004 0x0020000
  99. 2534.14dc: 000000ace8a48000-000000ace8a4afff 0x0004/0x0004 0x0020000
  100. 2534.14dc: 000000ace8a4b000-000000ace8bfffff 0x0000/0x0004 0x0020000
  101. 2534.14dc: 000000ace8c00000-000002893cbfffff 0x0001/0x0000 0x0000000
  102. 2534.14dc: *000002893cc00000-000002893cc0ffff 0x0004/0x0004 0x0040000
  103. 2534.14dc: *000002893cc10000-000002893cc12fff 0x0002/0x0002 0x0040000
  104. 2534.14dc: 000002893cc13000-000002893cc1ffff 0x0001/0x0000 0x0000000
  105. 2534.14dc: *000002893cc20000-000002893cc3efff 0x0002/0x0002 0x0040000
  106. 2534.14dc: 000002893cc3f000-000002893cc3ffff 0x0001/0x0000 0x0000000
  107. 2534.14dc: *000002893cc40000-000002893cc43fff 0x0002/0x0002 0x0040000
  108. 2534.14dc: 000002893cc44000-000002893cc4ffff 0x0001/0x0000 0x0000000
  109. 2534.14dc: *000002893cc50000-000002893cc50fff 0x0002/0x0002 0x0040000
  110. 2534.14dc: 000002893cc51000-000002893cc5ffff 0x0001/0x0000 0x0000000
  111. 2534.14dc: *000002893cc60000-000002893cc61fff 0x0004/0x0004 0x0020000
  112. 2534.14dc: 000002893cc62000-000002893cc6ffff 0x0001/0x0000 0x0000000
  113. 2534.14dc: *000002893cc70000-000002893cc72fff 0x0002/0x0002 0x0040000
  114. 2534.14dc: 000002893cc73000-000002893cc7ffff 0x0001/0x0000 0x0000000
  115. 2534.14dc: *000002893cc80000-000002893cc81fff 0x0004/0x0004 0x0020000
  116. 2534.14dc: 000002893cc82000-000002893cce1fff 0x0000/0x0004 0x0020000
  117. 2534.14dc: 000002893cce2000-000002893cceffff 0x0001/0x0000 0x0000000
  118. 2534.14dc: *000002893ccf0000-000002893ccf3fff 0x0002/0x0002 0x0040000
  119. 2534.14dc: 000002893ccf4000-000002893ccfffff 0x0001/0x0000 0x0000000
  120. 2534.14dc: *000002893cd00000-000002893cd03fff 0x0002/0x0002 0x0040000
  121. 2534.14dc: 000002893cd04000-000002893cd0ffff 0x0001/0x0000 0x0000000
  122. 2534.14dc: *000002893cd10000-000002893cd10fff 0x0002/0x0002 0x0040000
  123. 2534.14dc: 000002893cd11000-000002893cd2ffff 0x0001/0x0000 0x0000000
  124. 2534.14dc: *000002893cd30000-000002893cd39fff 0x0004/0x0004 0x0020000
  125. 2534.14dc: 000002893cd3a000-000002893ce2ffff 0x0000/0x0004 0x0020000
  126. 2534.14dc: *000002893ce30000-000002893cefdfff 0x0002/0x0002 0x0040000
  127. 2534.14dc: 000002893cefe000-000002893cefffff 0x0001/0x0000 0x0000000
  128. 2534.14dc: *000002893cf00000-000002893cf01fff 0x0004/0x0004 0x0020000
  129. 2534.14dc: 000002893cf02000-000002893cf61fff 0x0000/0x0004 0x0020000
  130. 2534.14dc: 000002893cf62000-000002893cf6ffff 0x0001/0x0000 0x0000000
  131. 2534.14dc: *000002893cf70000-000002893cf7efff 0x0004/0x0004 0x0020000
  132. 2534.14dc: 000002893cf7f000-000002893cf7ffff 0x0000/0x0004 0x0020000
  133. 2534.14dc: *000002893cf80000-000002893cf88fff 0x0000/0x0004 0x0020000
  134. 2534.14dc: 000002893cf89000-000002893d1a0fff 0x0004/0x0004 0x0020000
  135. 2534.14dc: 000002893d1a1000-000002893d1a1fff 0x0000/0x0004 0x0020000
  136. 2534.14dc: 000002893d1a2000-000002893d1affff 0x0001/0x0000 0x0000000
  137. 2534.14dc: *000002893d1b0000-000002893d1e0fff 0x0004/0x0004 0x0020000
  138. 2534.14dc: 000002893d1e1000-000002893d2affff 0x0000/0x0004 0x0020000
  139. 2534.14dc: 000002893d2b0000-00007df46695ffff 0x0001/0x0000 0x0000000
  140. 2534.14dc: *00007df466960000-00007df466964fff 0x0002/0x0002 0x0040000
  141. 2534.14dc: 00007df466965000-00007df466a5ffff 0x0000/0x0002 0x0040000
  142. 2534.14dc: *00007df466a60000-00007df566a7ffff 0x0000/0x0004 0x0020000
  143. 2534.14dc: *00007df566a80000-00007df568a7ffff 0x0000/0x0004 0x0020000
  144. 2534.14dc: 00007df568a80000-00007df568a80fff 0x0004/0x0004 0x0020000
  145. 2534.14dc: 00007df568a81000-00007df568a8ffff 0x0001/0x0000 0x0000000
  146. 2534.14dc: *00007df568a90000-00007df568a90fff 0x0002/0x0002 0x0040000
  147. 2534.14dc: 00007df568a91000-00007df568a9ffff 0x0001/0x0000 0x0000000
  148. 2534.14dc: *00007df568aa0000-00007df569f22fff 0x0000/0x0001 0x0040000
  149. 2534.14dc: 00007df569f23000-00007df569ff1fff 0x0001/0x0001 0x0040000
  150. 2534.14dc: 00007df569ff2000-00007df56a886fff 0x0000/0x0001 0x0040000
  151. 2534.14dc: 00007df56a887000-00007df56a887fff 0x0001/0x0001 0x0040000
  152. 2534.14dc: 00007df56a888000-00007ff54127ffff 0x0000/0x0001 0x0040000
  153. 2534.14dc: 00007ff541280000-00007ff541284fff 0x0002/0x0001 0x0040000
  154. 2534.14dc: 00007ff541285000-00007ff5543d0fff 0x0000/0x0001 0x0040000
  155. 2534.14dc: 00007ff5543d1000-00007ff558018fff 0x0001/0x0001 0x0040000
  156. 2534.14dc: 00007ff558019000-00007ff558028fff 0x0002/0x0001 0x0040000
  157. 2534.14dc: 00007ff558029000-00007ff558080fff 0x0001/0x0001 0x0040000
  158. 2534.14dc: 00007ff558081000-00007ff558084fff 0x0002/0x0001 0x0040000
  159. 2534.14dc: 00007ff558085000-00007ff5580d3fff 0x0001/0x0001 0x0040000
  160. 2534.14dc: 00007ff5580d4000-00007ff5580dcfff 0x0002/0x0001 0x0040000
  161. 2534.14dc: 00007ff5580dd000-00007ff568a9ffff 0x0000/0x0001 0x0040000
  162. 2534.14dc: 00007ff568aa0000-00007ff61f80ffff 0x0001/0x0000 0x0000000
  163. 2534.14dc: *00007ff61f810000-00007ff61f810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  164. 2534.14dc: 00007ff61f811000-00007ff61f87bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  165. 2534.14dc: 00007ff61f87c000-00007ff61f87cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  166. 2534.14dc: 00007ff61f87d000-00007ff61f8d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  167. 2534.14dc: 00007ff61f8d2000-00007ff61f8d4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  168. 2534.14dc: 00007ff61f8d5000-00007ff61f8d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  169. 2534.14dc: 00007ff61f8d8000-00007ff61f8ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  170. 2534.14dc: 00007ff61f8de000-00007ff61f8defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  171. 2534.14dc: 00007ff61f8df000-00007ff61f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  172. 2534.14dc: 00007ff61f91a000-00007ffbd5e4ffff 0x0001/0x0000 0x0000000
  173. 2534.14dc: *00007ffbd5e50000-00007ffbd5e50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  174. 2534.14dc: 00007ffbd5e51000-00007ffbd6004fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  175. 2534.14dc: 00007ffbd6005000-00007ffbd61cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  176. 2534.14dc: 00007ffbd61ce000-00007ffbd61d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  177. 2534.14dc: 00007ffbd61d3000-00007ffbd61d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  178. 2534.14dc: 00007ffbd61d4000-00007ffbd6220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  179. 2534.14dc: 00007ffbd6221000-00007ffbd786ffff 0x0001/0x0000 0x0000000
  180. 2534.14dc: *00007ffbd7870000-00007ffbd7870fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  181. 2534.14dc: 00007ffbd7871000-00007ffbd78f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  182. 2534.14dc: 00007ffbd78f2000-00007ffbd7928fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  183. 2534.14dc: 00007ffbd7929000-00007ffbd7929fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  184. 2534.14dc: 00007ffbd792a000-00007ffbd792afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  185. 2534.14dc: 00007ffbd792b000-00007ffbd7933fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  186. 2534.14dc: 00007ffbd7934000-00007ffbd8d0ffff 0x0001/0x0000 0x0000000
  187. 2534.14dc: *00007ffbd8d10000-00007ffbd8d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  188. 2534.14dc: 00007ffbd8d11000-00007ffbd8e41fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  189. 2534.14dc: 00007ffbd8e42000-00007ffbd8e8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  190. 2534.14dc: 00007ffbd8e90000-00007ffbd8e90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  191. 2534.14dc: 00007ffbd8e91000-00007ffbd8e92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  192. 2534.14dc: 00007ffbd8e93000-00007ffbd8e9bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  193. 2534.14dc: 00007ffbd8e9c000-00007ffbd8f26fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  194. 2534.14dc: 00007ffbd8f27000-00007ffffffeffff 0x0001/0x0000 0x0000000
  195. 2534.14dc: kernel32.dll: timestamp 0x8c0b1418 (rc=VINF_SUCCESS)
  196. 2534.14dc: kernelbase.dll: timestamp 0xa29a3610 (rc=VINF_SUCCESS)
  197. 2534.14dc: VirtualBoxVM.exe: timestamp 0x678f9dd6 (rc=VINF_SUCCESS)
  198. 2534.14dc: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  199. 2534.14dc: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
  200. 2534.14dc: 00007ff61f8e6000 / 0x00d6000: 00 != 70
  201. 2534.14dc: 00007ff61f8e6001 / 0x00d6001: e7 != f2
  202. 2534.14dc: 00007ff61f8e6002 / 0x00d6002: 82 != d9
  203. 2534.14dc: 00007ff61f8e6003 / 0x00d6003: 1f != d8
  204. 2534.14dc: 00007ff61f8e6004 / 0x00d6004: f6 != fb
  205. 2534.14dc: 00007ff61f8e6008 / 0x00d6008: 00 != 70
  206. 2534.14dc: 00007ff61f8e6009 / 0x00d6009: e7 != f2
  207. 2534.14dc: 00007ff61f8e600a / 0x00d600a: 82 != d9
  208. 2534.14dc: 00007ff61f8e600b / 0x00d600b: 1f != d8
  209. 2534.14dc: 00007ff61f8e600c / 0x00d600c: f6 != fb
  210. 2534.14dc: 00007ff61f8e6010 / 0x00d6010: f0 != b0
  211. 2534.14dc: 00007ff61f8e6011 / 0x00d6011: b4 != f3
  212. 2534.14dc: 00007ff61f8e6012 / 0x00d6012: 87 != d9
  213. 2534.14dc: 00007ff61f8e6013 / 0x00d6013: 1f != d8
  214. 2534.14dc: 00007ff61f8e6014 / 0x00d6014: f6 != fb
  215. 2534.14dc: 00007ff61f8e6018 / 0x00d6018: 10 != b0
  216. 2534.14dc: 00007ff61f8e6019 / 0x00d6019: b5 != f3
  217. 2534.14dc: 00007ff61f8e601a / 0x00d601a: 87 != d9
  218. 2534.14dc: 00007ff61f8e601b / 0x00d601b: 1f != d8
  219. 2534.14dc: 00007ff61f8e601c / 0x00d601c: f6 != fb
  220. 2534.14dc: 00007ff61f8e6020 / 0x00d6020: 10 != b0
  221. 2534.14dc: 00007ff61f8e6021 / 0x00d6021: b5 != f3
  222. 2534.14dc: 00007ff61f8e6022 / 0x00d6022: 87 != d9
  223. 2534.14dc: 00007ff61f8e6023 / 0x00d6023: 1f != d8
  224. 2534.14dc: 00007ff61f8e6024 / 0x00d6024: f6 != fb
  225. 2534.14dc: Restored 0x28 bytes of original file content at 00007ff61f8e6000
  226. 2534.14dc: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  227. 2534.14dc: 00007ff61f917b28 / 0x0107b28: 00 != 50
  228. 2534.14dc: 00007ff61f917b29 / 0x0107b29: 00 != 41
  229. 2534.14dc: 00007ff61f917b2a / 0x0107b2a: 00 != 44
  230. 2534.14dc: 00007ff61f917b2b / 0x0107b2b: 00 != 44
  231. 2534.14dc: 00007ff61f917b2c / 0x0107b2c: 00 != 49
  232. 2534.14dc: 00007ff61f917b2d / 0x0107b2d: 00 != 4e
  233. 2534.14dc: 00007ff61f917b2e / 0x0107b2e: 00 != 47
  234. 2534.14dc: 00007ff61f917b2f / 0x0107b2f: 00 != 58
  235. 2534.14dc: 00007ff61f917b30 / 0x0107b30: 00 != 58
  236. 2534.14dc: 00007ff61f917b31 / 0x0107b31: 00 != 50
  237. 2534.14dc: 00007ff61f917b32 / 0x0107b32: 00 != 41
  238. 2534.14dc: 00007ff61f917b33 / 0x0107b33: 00 != 44
  239. 2534.14dc: 00007ff61f917b34 / 0x0107b34: 00 != 44
  240. 2534.14dc: 00007ff61f917b35 / 0x0107b35: 00 != 49
  241. 2534.14dc: 00007ff61f917b36 / 0x0107b36: 00 != 4e
  242. 2534.14dc: 00007ff61f917b37 / 0x0107b37: 00 != 47
  243. 2534.14dc: 00007ff61f917b38 / 0x0107b38: 00 != 50
  244. 2534.14dc: 00007ff61f917b39 / 0x0107b39: 00 != 41
  245. 2534.14dc: 00007ff61f917b3a / 0x0107b3a: 00 != 44
  246. 2534.14dc: 00007ff61f917b3b / 0x0107b3b: 00 != 44
  247. 2534.14dc: 00007ff61f917b3c / 0x0107b3c: 00 != 49
  248. 2534.14dc: 00007ff61f917b3d / 0x0107b3d: 00 != 4e
  249. 2534.14dc: 00007ff61f917b3e / 0x0107b3e: 00 != 47
  250. 2534.14dc: 00007ff61f917b3f / 0x0107b3f: 00 != 58
  251. 2534.14dc: 00007ff61f917b40 / 0x0107b40: 00 != 58
  252. 2534.14dc: 00007ff61f917b41 / 0x0107b41: 00 != 50
  253. 2534.14dc: 00007ff61f917b42 / 0x0107b42: 00 != 41
  254. 2534.14dc: 00007ff61f917b43 / 0x0107b43: 00 != 44
  255. 2534.14dc: 00007ff61f917b44 / 0x0107b44: 00 != 44
  256. 2534.14dc: 00007ff61f917b45 / 0x0107b45: 00 != 49
  257. 2534.14dc: 00007ff61f917b46 / 0x0107b46: 00 != 4e
  258. 2534.14dc: 00007ff61f917b47 / 0x0107b47: 00 != 47
  259. 2534.14dc: 00007ff61f917b48 / 0x0107b48: 00 != 50
  260. 2534.14dc: 00007ff61f917b49 / 0x0107b49: 00 != 41
  261. 2534.14dc: 00007ff61f917b4a / 0x0107b4a: 00 != 44
  262. 2534.14dc: 00007ff61f917b4b / 0x0107b4b: 00 != 44
  263. 2534.14dc: 00007ff61f917b4c / 0x0107b4c: 00 != 49
  264. 2534.14dc: 00007ff61f917b4d / 0x0107b4d: 00 != 4e
  265. 2534.14dc: 00007ff61f917b4e / 0x0107b4e: 00 != 47
  266. 2534.14dc: 00007ff61f917b4f / 0x0107b4f: 00 != 58
  267. 2534.14dc: 00007ff61f917b50 / 0x0107b50: 00 != 58
  268. 2534.14dc: 00007ff61f917b51 / 0x0107b51: 00 != 50
  269. 2534.14dc: 00007ff61f917b52 / 0x0107b52: 00 != 41
  270. 2534.14dc: 00007ff61f917b53 / 0x0107b53: 00 != 44
  271. 2534.14dc: 00007ff61f917b54 / 0x0107b54: 00 != 44
  272. 2534.14dc: 00007ff61f917b55 / 0x0107b55: 00 != 49
  273. 2534.14dc: 00007ff61f917b56 / 0x0107b56: 00 != 4e
  274. 2534.14dc: 00007ff61f917b57 / 0x0107b57: 00 != 47
  275. 2534.14dc: 00007ff61f917b58 / 0x0107b58: 00 != 50
  276. 2534.14dc: 00007ff61f917b59 / 0x0107b59: 00 != 41
  277. 2534.14dc: 00007ff61f917b5a / 0x0107b5a: 00 != 44
  278. 2534.14dc: 00007ff61f917b5b / 0x0107b5b: 00 != 44
  279. 2534.14dc: 00007ff61f917b5c / 0x0107b5c: 00 != 49
  280. 2534.14dc: 00007ff61f917b5d / 0x0107b5d: 00 != 4e
  281. 2534.14dc: 00007ff61f917b5e / 0x0107b5e: 00 != 47
  282. 2534.14dc: 00007ff61f917b5f / 0x0107b5f: 00 != 58
  283. 2534.14dc: 00007ff61f917b60 / 0x0107b60: 00 != 58
  284. 2534.14dc: 00007ff61f917b61 / 0x0107b61: 00 != 50
  285. 2534.14dc: 00007ff61f917b62 / 0x0107b62: 00 != 41
  286. 2534.14dc: 00007ff61f917b63 / 0x0107b63: 00 != 44
  287. 2534.14dc: 00007ff61f917b64 / 0x0107b64: 00 != 44
  288. 2534.14dc: 00007ff61f917b65 / 0x0107b65: 00 != 49
  289. 2534.14dc: 00007ff61f917b66 / 0x0107b66: 00 != 4e
  290. 2534.14dc: 00007ff61f917b67 / 0x0107b67: 00 != 47
  291. 2534.14dc: 00007ff61f917b68 / 0x0107b68: 00 != 50
  292. 2534.14dc: 00007ff61f917b69 / 0x0107b69: 00 != 41
  293. 2534.14dc: 00007ff61f917b6a / 0x0107b6a: 00 != 44
  294. 2534.14dc: 00007ff61f917b6b / 0x0107b6b: 00 != 44
  295. 2534.14dc: 00007ff61f917b6c / 0x0107b6c: 00 != 49
  296. 2534.14dc: 00007ff61f917b6d / 0x0107b6d: 00 != 4e
  297. 2534.14dc: 00007ff61f917b6e / 0x0107b6e: 00 != 47
  298. 2534.14dc: 00007ff61f917b6f / 0x0107b6f: 00 != 58
  299. 2534.14dc: 00007ff61f917b70 / 0x0107b70: 00 != 58
  300. 2534.14dc: 00007ff61f917b71 / 0x0107b71: 00 != 50
  301. 2534.14dc: 00007ff61f917b72 / 0x0107b72: 00 != 41
  302. 2534.14dc: 00007ff61f917b73 / 0x0107b73: 00 != 44
  303. 2534.14dc: 00007ff61f917b74 / 0x0107b74: 00 != 44
  304. 2534.14dc: 00007ff61f917b75 / 0x0107b75: 00 != 49
  305. 2534.14dc: 00007ff61f917b76 / 0x0107b76: 00 != 4e
  306. 2534.14dc: 00007ff61f917b77 / 0x0107b77: 00 != 47
  307. 2534.14dc: 00007ff61f917b78 / 0x0107b78: 00 != 50
  308. 2534.14dc: 00007ff61f917b79 / 0x0107b79: 00 != 41
  309. 2534.14dc: 00007ff61f917b7a / 0x0107b7a: 00 != 44
  310. 2534.14dc: 00007ff61f917b7b / 0x0107b7b: 00 != 44
  311. 2534.14dc: 00007ff61f917b7c / 0x0107b7c: 00 != 49
  312. 2534.14dc: 00007ff61f917b7d / 0x0107b7d: 00 != 4e
  313. 2534.14dc: 00007ff61f917b7e / 0x0107b7e: 00 != 47
  314. 2534.14dc: 00007ff61f917b7f / 0x0107b7f: 00 != 58
  315. 2534.14dc: 00007ff61f917b80 / 0x0107b80: 00 != 58
  316. 2534.14dc: 00007ff61f917b81 / 0x0107b81: 00 != 50
  317. 2534.14dc: 00007ff61f917b82 / 0x0107b82: 00 != 41
  318. 2534.14dc: 00007ff61f917b83 / 0x0107b83: 00 != 44
  319. 2534.14dc: 00007ff61f917b84 / 0x0107b84: 00 != 44
  320. 2534.14dc: 00007ff61f917b85 / 0x0107b85: 00 != 49
  321. 2534.14dc: 00007ff61f917b86 / 0x0107b86: 00 != 4e
  322. 2534.14dc: 00007ff61f917b87 / 0x0107b87: 00 != 47
  323. 2534.14dc: 00007ff61f917b88 / 0x0107b88: 00 != 50
  324. 2534.14dc: 00007ff61f917b89 / 0x0107b89: 00 != 41
  325. 2534.14dc: 00007ff61f917b8a / 0x0107b8a: 00 != 44
  326. 2534.14dc: 00007ff61f917b8b / 0x0107b8b: 00 != 44
  327. 2534.14dc: 00007ff61f917b8c / 0x0107b8c: 00 != 49
  328. 2534.14dc: 00007ff61f917b8d / 0x0107b8d: 00 != 4e
  329. 2534.14dc: 00007ff61f917b8e / 0x0107b8e: 00 != 47
  330. 2534.14dc: 00007ff61f917b8f / 0x0107b8f: 00 != 58
  331. 2534.14dc: 00007ff61f917b90 / 0x0107b90: 00 != 58
  332. 2534.14dc: 00007ff61f917b91 / 0x0107b91: 00 != 50
  333. 2534.14dc: 00007ff61f917b92 / 0x0107b92: 00 != 41
  334. 2534.14dc: 00007ff61f917b93 / 0x0107b93: 00 != 44
  335. 2534.14dc: 00007ff61f917b94 / 0x0107b94: 00 != 44
  336. 2534.14dc: 00007ff61f917b95 / 0x0107b95: 00 != 49
  337. 2534.14dc: 00007ff61f917b96 / 0x0107b96: 00 != 4e
  338. 2534.14dc: 00007ff61f917b97 / 0x0107b97: 00 != 47
  339. 2534.14dc: 00007ff61f917b98 / 0x0107b98: 00 != 50
  340. 2534.14dc: 00007ff61f917b99 / 0x0107b99: 00 != 41
  341. 2534.14dc: 00007ff61f917b9a / 0x0107b9a: 00 != 44
  342. 2534.14dc: 00007ff61f917b9b / 0x0107b9b: 00 != 44
  343. 2534.14dc: 00007ff61f917b9c / 0x0107b9c: 00 != 49
  344. 2534.14dc: 00007ff61f917b9d / 0x0107b9d: 00 != 4e
  345. 2534.14dc: 00007ff61f917b9e / 0x0107b9e: 00 != 47
  346. 2534.14dc: 00007ff61f917b9f / 0x0107b9f: 00 != 58
  347. 2534.14dc: 00007ff61f917ba0 / 0x0107ba0: 00 != 58
  348. 2534.14dc: 00007ff61f917ba1 / 0x0107ba1: 00 != 50
  349. 2534.14dc: 00007ff61f917ba2 / 0x0107ba2: 00 != 41
  350. 2534.14dc: 00007ff61f917ba3 / 0x0107ba3: 00 != 44
  351. 2534.14dc: 00007ff61f917ba4 / 0x0107ba4: 00 != 44
  352. 2534.14dc: 00007ff61f917ba5 / 0x0107ba5: 00 != 49
  353. 2534.14dc: 00007ff61f917ba6 / 0x0107ba6: 00 != 4e
  354. 2534.14dc: 00007ff61f917ba7 / 0x0107ba7: 00 != 47
  355. 2534.14dc: 00007ff61f917ba8 / 0x0107ba8: 00 != 50
  356. 2534.14dc: 00007ff61f917ba9 / 0x0107ba9: 00 != 41
  357. 2534.14dc: 00007ff61f917baa / 0x0107baa: 00 != 44
  358. 2534.14dc: 00007ff61f917bab / 0x0107bab: 00 != 44
  359. 2534.14dc: 00007ff61f917bac / 0x0107bac: 00 != 49
  360. 2534.14dc: 00007ff61f917bad / 0x0107bad: 00 != 4e
  361. 2534.14dc: 00007ff61f917bae / 0x0107bae: 00 != 47
  362. 2534.14dc: 00007ff61f917baf / 0x0107baf: 00 != 58
  363. 2534.14dc: 00007ff61f917bb0 / 0x0107bb0: 00 != 58
  364. 2534.14dc: 00007ff61f917bb1 / 0x0107bb1: 00 != 50
  365. 2534.14dc: 00007ff61f917bb2 / 0x0107bb2: 00 != 41
  366. 2534.14dc: 00007ff61f917bb3 / 0x0107bb3: 00 != 44
  367. 2534.14dc: 00007ff61f917bb4 / 0x0107bb4: 00 != 44
  368. 2534.14dc: 00007ff61f917bb5 / 0x0107bb5: 00 != 49
  369. 2534.14dc: 00007ff61f917bb6 / 0x0107bb6: 00 != 4e
  370. 2534.14dc: 00007ff61f917bb7 / 0x0107bb7: 00 != 47
  371. 2534.14dc: 00007ff61f917bb8 / 0x0107bb8: 00 != 50
  372. 2534.14dc: 00007ff61f917bb9 / 0x0107bb9: 00 != 41
  373. 2534.14dc: 00007ff61f917bba / 0x0107bba: 00 != 44
  374. 2534.14dc: 00007ff61f917bbb / 0x0107bbb: 00 != 44
  375. 2534.14dc: 00007ff61f917bbc / 0x0107bbc: 00 != 49
  376. 2534.14dc: 00007ff61f917bbd / 0x0107bbd: 00 != 4e
  377. 2534.14dc: 00007ff61f917bbe / 0x0107bbe: 00 != 47
  378. 2534.14dc: 00007ff61f917bbf / 0x0107bbf: 00 != 58
  379. 2534.14dc: 00007ff61f917bc0 / 0x0107bc0: 00 != 58
  380. 2534.14dc: 00007ff61f917bc1 / 0x0107bc1: 00 != 50
  381. 2534.14dc: 00007ff61f917bc2 / 0x0107bc2: 00 != 41
  382. 2534.14dc: 00007ff61f917bc3 / 0x0107bc3: 00 != 44
  383. 2534.14dc: 00007ff61f917bc4 / 0x0107bc4: 00 != 44
  384. 2534.14dc: 00007ff61f917bc5 / 0x0107bc5: 00 != 49
  385. 2534.14dc: 00007ff61f917bc6 / 0x0107bc6: 00 != 4e
  386. 2534.14dc: 00007ff61f917bc7 / 0x0107bc7: 00 != 47
  387. 2534.14dc: 00007ff61f917bc8 / 0x0107bc8: 00 != 50
  388. 2534.14dc: 00007ff61f917bc9 / 0x0107bc9: 00 != 41
  389. 2534.14dc: 00007ff61f917bca / 0x0107bca: 00 != 44
  390. 2534.14dc: 00007ff61f917bcb / 0x0107bcb: 00 != 44
  391. 2534.14dc: 00007ff61f917bcc / 0x0107bcc: 00 != 49
  392. 2534.14dc: 00007ff61f917bcd / 0x0107bcd: 00 != 4e
  393. 2534.14dc: 00007ff61f917bce / 0x0107bce: 00 != 47
  394. 2534.14dc: 00007ff61f917bcf / 0x0107bcf: 00 != 58
  395. 2534.14dc: 00007ff61f917bd0 / 0x0107bd0: 00 != 58
  396. 2534.14dc: 00007ff61f917bd1 / 0x0107bd1: 00 != 50
  397. 2534.14dc: 00007ff61f917bd2 / 0x0107bd2: 00 != 41
  398. 2534.14dc: 00007ff61f917bd3 / 0x0107bd3: 00 != 44
  399. 2534.14dc: 00007ff61f917bd4 / 0x0107bd4: 00 != 44
  400. 2534.14dc: 00007ff61f917bd5 / 0x0107bd5: 00 != 49
  401. 2534.14dc: 00007ff61f917bd6 / 0x0107bd6: 00 != 4e
  402. 2534.14dc: 00007ff61f917bd7 / 0x0107bd7: 00 != 47
  403. 2534.14dc: 00007ff61f917bd8 / 0x0107bd8: 00 != 50
  404. 2534.14dc: 00007ff61f917bd9 / 0x0107bd9: 00 != 41
  405. 2534.14dc: 00007ff61f917bda / 0x0107bda: 00 != 44
  406. 2534.14dc: 00007ff61f917bdb / 0x0107bdb: 00 != 44
  407. 2534.14dc: 00007ff61f917bdc / 0x0107bdc: 00 != 49
  408. 2534.14dc: 00007ff61f917bdd / 0x0107bdd: 00 != 4e
  409. 2534.14dc: 00007ff61f917bde / 0x0107bde: 00 != 47
  410. 2534.14dc: 00007ff61f917bdf / 0x0107bdf: 00 != 58
  411. 2534.14dc: 00007ff61f917be0 / 0x0107be0: 00 != 58
  412. 2534.14dc: 00007ff61f917be1 / 0x0107be1: 00 != 50
  413. 2534.14dc: 00007ff61f917be2 / 0x0107be2: 00 != 41
  414. 2534.14dc: 00007ff61f917be3 / 0x0107be3: 00 != 44
  415. 2534.14dc: 00007ff61f917be4 / 0x0107be4: 00 != 44
  416. 2534.14dc: 00007ff61f917be5 / 0x0107be5: 00 != 49
  417. 2534.14dc: 00007ff61f917be6 / 0x0107be6: 00 != 4e
  418. 2534.14dc: 00007ff61f917be7 / 0x0107be7: 00 != 47
  419. 2534.14dc: 00007ff61f917be8 / 0x0107be8: 00 != 50
  420. 2534.14dc: 00007ff61f917be9 / 0x0107be9: 00 != 41
  421. 2534.14dc: 00007ff61f917bea / 0x0107bea: 00 != 44
  422. 2534.14dc: 00007ff61f917beb / 0x0107beb: 00 != 44
  423. 2534.14dc: 00007ff61f917bec / 0x0107bec: 00 != 49
  424. 2534.14dc: 00007ff61f917bed / 0x0107bed: 00 != 4e
  425. 2534.14dc: 00007ff61f917bee / 0x0107bee: 00 != 47
  426. 2534.14dc: 00007ff61f917bef / 0x0107bef: 00 != 58
  427. 2534.14dc: 00007ff61f917bf0 / 0x0107bf0: 00 != 58
  428. 2534.14dc: 00007ff61f917bf1 / 0x0107bf1: 00 != 50
  429. 2534.14dc: 00007ff61f917bf2 / 0x0107bf2: 00 != 41
  430. 2534.14dc: 00007ff61f917bf3 / 0x0107bf3: 00 != 44
  431. 2534.14dc: 00007ff61f917bf4 / 0x0107bf4: 00 != 44
  432. 2534.14dc: 00007ff61f917bf5 / 0x0107bf5: 00 != 49
  433. 2534.14dc: 00007ff61f917bf6 / 0x0107bf6: 00 != 4e
  434. 2534.14dc: 00007ff61f917bf7 / 0x0107bf7: 00 != 47
  435. 2534.14dc: 00007ff61f917bf8 / 0x0107bf8: 00 != 50
  436. 2534.14dc: 00007ff61f917bf9 / 0x0107bf9: 00 != 41
  437. 2534.14dc: 00007ff61f917bfa / 0x0107bfa: 00 != 44
  438. 2534.14dc: 00007ff61f917bfb / 0x0107bfb: 00 != 44
  439. 2534.14dc: 00007ff61f917bfc / 0x0107bfc: 00 != 49
  440. 2534.14dc: 00007ff61f917bfd / 0x0107bfd: 00 != 4e
  441. 2534.14dc: 00007ff61f917bfe / 0x0107bfe: 00 != 47
  442. 2534.14dc: 00007ff61f917bff / 0x0107bff: 00 != 58
  443. 2534.14dc: Restored 0x4d8 bytes of original file content at 00007ff61f917b28
  444. 2534.14dc: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  445. 2534.14dc: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:
  446. 2534.14dc: 00007ffbd8eaf000 / 0x019f000: 90 != b0
  447. 2534.14dc: 00007ffbd8eaf001 / 0x019f001: 40 != f3
  448. 2534.14dc: 00007ffbd8eaf002 / 0x019f002: db != d9
  449. 2534.14dc: 00007ffbd8eaf008 / 0x019f008: 60 != 70
  450. 2534.14dc: 00007ffbd8eaf009 / 0x019f009: f1 != f2
  451. 2534.14dc: 00007ffbd8eaf011 / 0x019f011: 40 != f3
  452. 2534.14dc: 00007ffbd8eaf012 / 0x019f012: db != d9
  453. 2534.14dc: 00007ffbd8eaf019 / 0x019f019: 40 != f3
  454. 2534.14dc: 00007ffbd8eaf01a / 0x019f01a: db != d9
  455. 2534.14dc: Restored 0x28 bytes of original file content at 00007ffbd8eaf000
  456. 2534.14dc: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
  457. 2534.14dc: 00007ffbd78f66d8 / 0x00866d8: 10 != 70
  458. 2534.14dc: 00007ffbd78f66d9 / 0x00866d9: 01 != f2
  459. 2534.14dc: 00007ffbd78f66da / 0x00866da: 89 != d9
  460. 2534.14dc: 00007ffbd78f66db / 0x00866db: d7 != d8
  461. 2534.14dc: 00007ffbd78f66e0 / 0x00866e0: f0 != b0
  462. 2534.14dc: 00007ffbd78f66e1 / 0x00866e1: 42 != f3
  463. 2534.14dc: 00007ffbd78f66e2 / 0x00866e2: 89 != d9
  464. 2534.14dc: 00007ffbd78f66e3 / 0x00866e3: d7 != d8
  465. 2534.14dc: 00007ffbd78f66e8 / 0x00866e8: 10 != 70
  466. 2534.14dc: 00007ffbd78f66e9 / 0x00866e9: 01 != f2
  467. 2534.14dc: 00007ffbd78f66ea / 0x00866ea: 89 != d9
  468. 2534.14dc: 00007ffbd78f66eb / 0x00866eb: d7 != d8
  469. 2534.14dc: 00007ffbd78f66f0 / 0x00866f0: 10 != b0
  470. 2534.14dc: 00007ffbd78f66f1 / 0x00866f1: 43 != f3
  471. 2534.14dc: 00007ffbd78f66f2 / 0x00866f2: 89 != d9
  472. 2534.14dc: 00007ffbd78f66f3 / 0x00866f3: d7 != d8
  473. 2534.14dc: 00007ffbd78f66f8 / 0x00866f8: 10 != b0
  474. 2534.14dc: 00007ffbd78f66f9 / 0x00866f9: 43 != f3
  475. 2534.14dc: 00007ffbd78f66fa / 0x00866fa: 89 != d9
  476. 2534.14dc: 00007ffbd78f66fb / 0x00866fb: d7 != d8
  477. 2534.14dc: Restored 0x2000 bytes of original file content at 00007ffbd78f6000
  478. 2534.14dc: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
  479. 2534.14dc: 00007ffbd60d5f88 / 0x0285f88: a0 != 70
  480. 2534.14dc: 00007ffbd60d5f89 / 0x0285f89: 25 != f2
  481. 2534.14dc: 00007ffbd60d5f8a / 0x0285f8a: f4 != d9
  482. 2534.14dc: 00007ffbd60d5f8b / 0x0285f8b: d5 != d8
  483. 2534.14dc: 00007ffbd60d5f90 / 0x0285f90: 50 != b0
  484. 2534.14dc: 00007ffbd60d5f91 / 0x0285f91: 29 != f3
  485. 2534.14dc: 00007ffbd60d5f92 / 0x0285f92: f4 != d9
  486. 2534.14dc: 00007ffbd60d5f93 / 0x0285f93: d5 != d8
  487. 2534.14dc: 00007ffbd60d5f98 / 0x0285f98: a0 != 70
  488. 2534.14dc: 00007ffbd60d5f99 / 0x0285f99: 25 != f2
  489. 2534.14dc: 00007ffbd60d5f9a / 0x0285f9a: f4 != d9
  490. 2534.14dc: 00007ffbd60d5f9b / 0x0285f9b: d5 != d8
  491. 2534.14dc: 00007ffbd60d5fa0 / 0x0285fa0: 70 != b0
  492. 2534.14dc: 00007ffbd60d5fa1 / 0x0285fa1: 29 != f3
  493. 2534.14dc: 00007ffbd60d5fa2 / 0x0285fa2: f4 != d9
  494. 2534.14dc: 00007ffbd60d5fa3 / 0x0285fa3: d5 != d8
  495. 2534.14dc: 00007ffbd60d5fa8 / 0x0285fa8: 70 != b0
  496. 2534.14dc: 00007ffbd60d5fa9 / 0x0285fa9: 29 != f3
  497. 2534.14dc: 00007ffbd60d5faa / 0x0285faa: f4 != d9
  498. 2534.14dc: 00007ffbd60d5fab / 0x0285fab: d5 != d8
  499. 2534.14dc: Restored 0x2000 bytes of original file content at 00007ffbd60d5000
  500. 2534.14dc: supHardNtVpCheckHandles:
  501. 2534.14dc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=5
  502. 2534.14dc: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  503. 2534.14dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  504. 2534.14dc: supR3HardNtEnableThreadCreationEx:
  505. 2534.14dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbd8d84440 pvNtTerminateThread=00007ffbd8db0e30
  506. 2534.14dc: supR3HardenedWinDoReSpawn(1): New child 46ec.54b0 [kernel32].
  507. 2534.14dc: supR3HardNtChildGatherData: PebBaseAddress=000000af28088000 cbPeb=0x388
  508. 2534.14dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbd8d10000 uNtDllChildAddr=00007ffbd8d10000
  509. 2534.14dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbd8d84440
  510. 2534.14dc: supR3HardenedWinSetupChildInit: Initial context:
  511. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff61f81b850 rdx=000000af28088000
  512. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  513. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  514. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  515. rip=00007ffbd8d6af10 rsp=000000af27fffef8 rbp=0000000000000000 ctxflags=0010001b
  516. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  517. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  518. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  519. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  520. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  521. 2534.14dc: supR3HardenedWinSetupChildInit: Start child.
  522. 2534.14dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  523. 2534.14dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 16 sleeps
  524. 2534.14dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  525. 2534.14dc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  526. 2534.14dc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  527. 2534.14dc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
  528. 2534.14dc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
  529. 2534.14dc: 000000007ffea000-000000af27efffff 0x0001/0x0000 0x0000000
  530. 2534.14dc: *000000af27f00000-000000af27ffafff 0x0000/0x0004 0x0020000
  531. 2534.14dc: 000000af27ffb000-000000af27ffdfff 0x0104/0x0004 0x0020000
  532. 2534.14dc: 000000af27ffe000-000000af27ffffff 0x0004/0x0004 0x0020000
  533. 2534.14dc: *000000af28000000-000000af28087fff 0x0000/0x0004 0x0020000
  534. 2534.14dc: 000000af28088000-000000af2808afff 0x0004/0x0004 0x0020000
  535. 2534.14dc: 000000af2808b000-000000af281fffff 0x0000/0x0004 0x0020000
  536. 2534.14dc: 000000af28200000-000002855f25ffff 0x0001/0x0000 0x0000000
  537. 2534.14dc: *000002855f260000-000002855f27ffff 0x0004/0x0004 0x0020000
  538. 2534.14dc: *000002855f280000-000002855f29efff 0x0002/0x0002 0x0040000
  539. 2534.14dc: 000002855f29f000-000002855f29ffff 0x0001/0x0000 0x0000000
  540. 2534.14dc: *000002855f2a0000-000002855f2a3fff 0x0002/0x0002 0x0040000
  541. 2534.14dc: 000002855f2a4000-000002855f2affff 0x0001/0x0000 0x0000000
  542. 2534.14dc: *000002855f2b0000-000002855f2b0fff 0x0002/0x0002 0x0040000
  543. 2534.14dc: 000002855f2b1000-000002855f2bffff 0x0001/0x0000 0x0000000
  544. 2534.14dc: *000002855f2c0000-000002855f2c1fff 0x0004/0x0004 0x0020000
  545. 2534.14dc: 000002855f2c2000-00007df54badffff 0x0001/0x0000 0x0000000
  546. 2534.14dc: *00007df54bae0000-00007df54bae0fff 0x0002/0x0002 0x0040000
  547. 2534.14dc: 00007df54bae1000-00007df54baeffff 0x0001/0x0000 0x0000000
  548. 2534.14dc: *00007df54baf0000-00007df54cf72fff 0x0000/0x0001 0x0040000
  549. 2534.14dc: 00007df54cf73000-00007df54d041fff 0x0001/0x0001 0x0040000
  550. 2534.14dc: 00007df54d042000-00007df54d8d6fff 0x0000/0x0001 0x0040000
  551. 2534.14dc: 00007df54d8d7000-00007df54d8d7fff 0x0001/0x0001 0x0040000
  552. 2534.14dc: 00007df54d8d8000-00007ff5242cffff 0x0000/0x0001 0x0040000
  553. 2534.14dc: 00007ff5242d0000-00007ff5242d4fff 0x0002/0x0001 0x0040000
  554. 2534.14dc: 00007ff5242d5000-00007ff537420fff 0x0000/0x0001 0x0040000
  555. 2534.14dc: 00007ff537421000-00007ff53b123fff 0x0001/0x0001 0x0040000
  556. 2534.14dc: 00007ff53b124000-00007ff53b12cfff 0x0002/0x0001 0x0040000
  557. 2534.14dc: 00007ff53b12d000-00007ff54baeffff 0x0000/0x0001 0x0040000
  558. 2534.14dc: 00007ff54baf0000-00007ff61f80ffff 0x0001/0x0000 0x0000000
  559. 2534.14dc: *00007ff61f810000-00007ff61f810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  560. 2534.14dc: 00007ff61f811000-00007ff61f87bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  561. 2534.14dc: 00007ff61f87c000-00007ff61f87cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  562. 2534.14dc: 00007ff61f87d000-00007ff61f8d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  563. 2534.14dc: 00007ff61f8d2000-00007ff61f8d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  564. 2534.14dc: 00007ff61f8d3000-00007ff61f8d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  565. 2534.14dc: 00007ff61f8d4000-00007ff61f8d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  566. 2534.14dc: 00007ff61f8d9000-00007ff61f8defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  567. 2534.14dc: 00007ff61f8df000-00007ff61f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  568. 2534.14dc: 00007ff61f91a000-00007ffbd8d0ffff 0x0001/0x0000 0x0000000
  569. 2534.14dc: *00007ffbd8d10000-00007ffbd8d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  570. 2534.14dc: 00007ffbd8d11000-00007ffbd8e41fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  571. 2534.14dc: 00007ffbd8e42000-00007ffbd8e8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  572. 2534.14dc: 00007ffbd8e90000-00007ffbd8e9bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  573. 2534.14dc: 00007ffbd8e9c000-00007ffbd8eaafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  574. 2534.14dc: 00007ffbd8eab000-00007ffbd8eabfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  575. 2534.14dc: 00007ffbd8eac000-00007ffbd8eaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  576. 2534.14dc: 00007ffbd8eaf000-00007ffbd8f26fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  577. 2534.14dc: 00007ffbd8f27000-00007ffffffeffff 0x0001/0x0000 0x0000000
  578. 2534.14dc: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  579. 2534.14dc: 00007ff61f917b28 / 0x0107b28: 00 != 50
  580. 2534.14dc: 00007ff61f917b29 / 0x0107b29: 00 != 41
  581. 2534.14dc: 00007ff61f917b2a / 0x0107b2a: 00 != 44
  582. 2534.14dc: 00007ff61f917b2b / 0x0107b2b: 00 != 44
  583. 2534.14dc: 00007ff61f917b2c / 0x0107b2c: 00 != 49
  584. 2534.14dc: 00007ff61f917b2d / 0x0107b2d: 00 != 4e
  585. 2534.14dc: 00007ff61f917b2e / 0x0107b2e: 00 != 47
  586. 2534.14dc: 00007ff61f917b2f / 0x0107b2f: 00 != 58
  587. 2534.14dc: 00007ff61f917b30 / 0x0107b30: 00 != 58
  588. 2534.14dc: 00007ff61f917b31 / 0x0107b31: 00 != 50
  589. 2534.14dc: 00007ff61f917b32 / 0x0107b32: 00 != 41
  590. 2534.14dc: 00007ff61f917b33 / 0x0107b33: 00 != 44
  591. 2534.14dc: 00007ff61f917b34 / 0x0107b34: 00 != 44
  592. 2534.14dc: 00007ff61f917b35 / 0x0107b35: 00 != 49
  593. 2534.14dc: 00007ff61f917b36 / 0x0107b36: 00 != 4e
  594. 2534.14dc: 00007ff61f917b37 / 0x0107b37: 00 != 47
  595. 2534.14dc: 00007ff61f917b38 / 0x0107b38: 00 != 50
  596. 2534.14dc: 00007ff61f917b39 / 0x0107b39: 00 != 41
  597. 2534.14dc: 00007ff61f917b3a / 0x0107b3a: 00 != 44
  598. 2534.14dc: 00007ff61f917b3b / 0x0107b3b: 00 != 44
  599. 2534.14dc: 00007ff61f917b3c / 0x0107b3c: 00 != 49
  600. 2534.14dc: 00007ff61f917b3d / 0x0107b3d: 00 != 4e
  601. 2534.14dc: 00007ff61f917b3e / 0x0107b3e: 00 != 47
  602. 2534.14dc: 00007ff61f917b3f / 0x0107b3f: 00 != 58
  603. 2534.14dc: 00007ff61f917b40 / 0x0107b40: 00 != 58
  604. 2534.14dc: 00007ff61f917b41 / 0x0107b41: 00 != 50
  605. 2534.14dc: 00007ff61f917b42 / 0x0107b42: 00 != 41
  606. 2534.14dc: 00007ff61f917b43 / 0x0107b43: 00 != 44
  607. 2534.14dc: 00007ff61f917b44 / 0x0107b44: 00 != 44
  608. 2534.14dc: 00007ff61f917b45 / 0x0107b45: 00 != 49
  609. 2534.14dc: 00007ff61f917b46 / 0x0107b46: 00 != 4e
  610. 2534.14dc: 00007ff61f917b47 / 0x0107b47: 00 != 47
  611. 2534.14dc: 00007ff61f917b48 / 0x0107b48: 00 != 50
  612. 2534.14dc: 00007ff61f917b49 / 0x0107b49: 00 != 41
  613. 2534.14dc: 00007ff61f917b4a / 0x0107b4a: 00 != 44
  614. 2534.14dc: 00007ff61f917b4b / 0x0107b4b: 00 != 44
  615. 2534.14dc: 00007ff61f917b4c / 0x0107b4c: 00 != 49
  616. 2534.14dc: 00007ff61f917b4d / 0x0107b4d: 00 != 4e
  617. 2534.14dc: 00007ff61f917b4e / 0x0107b4e: 00 != 47
  618. 2534.14dc: 00007ff61f917b4f / 0x0107b4f: 00 != 58
  619. 2534.14dc: 00007ff61f917b50 / 0x0107b50: 00 != 58
  620. 2534.14dc: 00007ff61f917b51 / 0x0107b51: 00 != 50
  621. 2534.14dc: 00007ff61f917b52 / 0x0107b52: 00 != 41
  622. 2534.14dc: 00007ff61f917b53 / 0x0107b53: 00 != 44
  623. 2534.14dc: 00007ff61f917b54 / 0x0107b54: 00 != 44
  624. 2534.14dc: 00007ff61f917b55 / 0x0107b55: 00 != 49
  625. 2534.14dc: 00007ff61f917b56 / 0x0107b56: 00 != 4e
  626. 2534.14dc: 00007ff61f917b57 / 0x0107b57: 00 != 47
  627. 2534.14dc: 00007ff61f917b58 / 0x0107b58: 00 != 50
  628. 2534.14dc: 00007ff61f917b59 / 0x0107b59: 00 != 41
  629. 2534.14dc: 00007ff61f917b5a / 0x0107b5a: 00 != 44
  630. 2534.14dc: 00007ff61f917b5b / 0x0107b5b: 00 != 44
  631. 2534.14dc: 00007ff61f917b5c / 0x0107b5c: 00 != 49
  632. 2534.14dc: 00007ff61f917b5d / 0x0107b5d: 00 != 4e
  633. 2534.14dc: 00007ff61f917b5e / 0x0107b5e: 00 != 47
  634. 2534.14dc: 00007ff61f917b5f / 0x0107b5f: 00 != 58
  635. 2534.14dc: 00007ff61f917b60 / 0x0107b60: 00 != 58
  636. 2534.14dc: 00007ff61f917b61 / 0x0107b61: 00 != 50
  637. 2534.14dc: 00007ff61f917b62 / 0x0107b62: 00 != 41
  638. 2534.14dc: 00007ff61f917b63 / 0x0107b63: 00 != 44
  639. 2534.14dc: 00007ff61f917b64 / 0x0107b64: 00 != 44
  640. 2534.14dc: 00007ff61f917b65 / 0x0107b65: 00 != 49
  641. 2534.14dc: 00007ff61f917b66 / 0x0107b66: 00 != 4e
  642. 2534.14dc: 00007ff61f917b67 / 0x0107b67: 00 != 47
  643. 2534.14dc: 00007ff61f917b68 / 0x0107b68: 00 != 50
  644. 2534.14dc: 00007ff61f917b69 / 0x0107b69: 00 != 41
  645. 2534.14dc: 00007ff61f917b6a / 0x0107b6a: 00 != 44
  646. 2534.14dc: 00007ff61f917b6b / 0x0107b6b: 00 != 44
  647. 2534.14dc: 00007ff61f917b6c / 0x0107b6c: 00 != 49
  648. 2534.14dc: 00007ff61f917b6d / 0x0107b6d: 00 != 4e
  649. 2534.14dc: 00007ff61f917b6e / 0x0107b6e: 00 != 47
  650. 2534.14dc: 00007ff61f917b6f / 0x0107b6f: 00 != 58
  651. 2534.14dc: 00007ff61f917b70 / 0x0107b70: 00 != 58
  652. 2534.14dc: 00007ff61f917b71 / 0x0107b71: 00 != 50
  653. 2534.14dc: 00007ff61f917b72 / 0x0107b72: 00 != 41
  654. 2534.14dc: 00007ff61f917b73 / 0x0107b73: 00 != 44
  655. 2534.14dc: 00007ff61f917b74 / 0x0107b74: 00 != 44
  656. 2534.14dc: 00007ff61f917b75 / 0x0107b75: 00 != 49
  657. 2534.14dc: 00007ff61f917b76 / 0x0107b76: 00 != 4e
  658. 2534.14dc: 00007ff61f917b77 / 0x0107b77: 00 != 47
  659. 2534.14dc: 00007ff61f917b78 / 0x0107b78: 00 != 50
  660. 2534.14dc: 00007ff61f917b79 / 0x0107b79: 00 != 41
  661. 2534.14dc: 00007ff61f917b7a / 0x0107b7a: 00 != 44
  662. 2534.14dc: 00007ff61f917b7b / 0x0107b7b: 00 != 44
  663. 2534.14dc: 00007ff61f917b7c / 0x0107b7c: 00 != 49
  664. 2534.14dc: 00007ff61f917b7d / 0x0107b7d: 00 != 4e
  665. 2534.14dc: 00007ff61f917b7e / 0x0107b7e: 00 != 47
  666. 2534.14dc: 00007ff61f917b7f / 0x0107b7f: 00 != 58
  667. 2534.14dc: 00007ff61f917b80 / 0x0107b80: 00 != 58
  668. 2534.14dc: 00007ff61f917b81 / 0x0107b81: 00 != 50
  669. 2534.14dc: 00007ff61f917b82 / 0x0107b82: 00 != 41
  670. 2534.14dc: 00007ff61f917b83 / 0x0107b83: 00 != 44
  671. 2534.14dc: 00007ff61f917b84 / 0x0107b84: 00 != 44
  672. 2534.14dc: 00007ff61f917b85 / 0x0107b85: 00 != 49
  673. 2534.14dc: 00007ff61f917b86 / 0x0107b86: 00 != 4e
  674. 2534.14dc: 00007ff61f917b87 / 0x0107b87: 00 != 47
  675. 2534.14dc: 00007ff61f917b88 / 0x0107b88: 00 != 50
  676. 2534.14dc: 00007ff61f917b89 / 0x0107b89: 00 != 41
  677. 2534.14dc: 00007ff61f917b8a / 0x0107b8a: 00 != 44
  678. 2534.14dc: 00007ff61f917b8b / 0x0107b8b: 00 != 44
  679. 2534.14dc: 00007ff61f917b8c / 0x0107b8c: 00 != 49
  680. 2534.14dc: 00007ff61f917b8d / 0x0107b8d: 00 != 4e
  681. 2534.14dc: 00007ff61f917b8e / 0x0107b8e: 00 != 47
  682. 2534.14dc: 00007ff61f917b8f / 0x0107b8f: 00 != 58
  683. 2534.14dc: 00007ff61f917b90 / 0x0107b90: 00 != 58
  684. 2534.14dc: 00007ff61f917b91 / 0x0107b91: 00 != 50
  685. 2534.14dc: 00007ff61f917b92 / 0x0107b92: 00 != 41
  686. 2534.14dc: 00007ff61f917b93 / 0x0107b93: 00 != 44
  687. 2534.14dc: 00007ff61f917b94 / 0x0107b94: 00 != 44
  688. 2534.14dc: 00007ff61f917b95 / 0x0107b95: 00 != 49
  689. 2534.14dc: 00007ff61f917b96 / 0x0107b96: 00 != 4e
  690. 2534.14dc: 00007ff61f917b97 / 0x0107b97: 00 != 47
  691. 2534.14dc: 00007ff61f917b98 / 0x0107b98: 00 != 50
  692. 2534.14dc: 00007ff61f917b99 / 0x0107b99: 00 != 41
  693. 2534.14dc: 00007ff61f917b9a / 0x0107b9a: 00 != 44
  694. 2534.14dc: 00007ff61f917b9b / 0x0107b9b: 00 != 44
  695. 2534.14dc: 00007ff61f917b9c / 0x0107b9c: 00 != 49
  696. 2534.14dc: 00007ff61f917b9d / 0x0107b9d: 00 != 4e
  697. 2534.14dc: 00007ff61f917b9e / 0x0107b9e: 00 != 47
  698. 2534.14dc: 00007ff61f917b9f / 0x0107b9f: 00 != 58
  699. 2534.14dc: 00007ff61f917ba0 / 0x0107ba0: 00 != 58
  700. 2534.14dc: 00007ff61f917ba1 / 0x0107ba1: 00 != 50
  701. 2534.14dc: 00007ff61f917ba2 / 0x0107ba2: 00 != 41
  702. 2534.14dc: 00007ff61f917ba3 / 0x0107ba3: 00 != 44
  703. 2534.14dc: 00007ff61f917ba4 / 0x0107ba4: 00 != 44
  704. 2534.14dc: 00007ff61f917ba5 / 0x0107ba5: 00 != 49
  705. 2534.14dc: 00007ff61f917ba6 / 0x0107ba6: 00 != 4e
  706. 2534.14dc: 00007ff61f917ba7 / 0x0107ba7: 00 != 47
  707. 2534.14dc: 00007ff61f917ba8 / 0x0107ba8: 00 != 50
  708. 2534.14dc: 00007ff61f917ba9 / 0x0107ba9: 00 != 41
  709. 2534.14dc: 00007ff61f917baa / 0x0107baa: 00 != 44
  710. 2534.14dc: 00007ff61f917bab / 0x0107bab: 00 != 44
  711. 2534.14dc: 00007ff61f917bac / 0x0107bac: 00 != 49
  712. 2534.14dc: 00007ff61f917bad / 0x0107bad: 00 != 4e
  713. 2534.14dc: 00007ff61f917bae / 0x0107bae: 00 != 47
  714. 2534.14dc: 00007ff61f917baf / 0x0107baf: 00 != 58
  715. 2534.14dc: 00007ff61f917bb0 / 0x0107bb0: 00 != 58
  716. 2534.14dc: 00007ff61f917bb1 / 0x0107bb1: 00 != 50
  717. 2534.14dc: 00007ff61f917bb2 / 0x0107bb2: 00 != 41
  718. 2534.14dc: 00007ff61f917bb3 / 0x0107bb3: 00 != 44
  719. 2534.14dc: 00007ff61f917bb4 / 0x0107bb4: 00 != 44
  720. 2534.14dc: 00007ff61f917bb5 / 0x0107bb5: 00 != 49
  721. 2534.14dc: 00007ff61f917bb6 / 0x0107bb6: 00 != 4e
  722. 2534.14dc: 00007ff61f917bb7 / 0x0107bb7: 00 != 47
  723. 2534.14dc: 00007ff61f917bb8 / 0x0107bb8: 00 != 50
  724. 2534.14dc: 00007ff61f917bb9 / 0x0107bb9: 00 != 41
  725. 2534.14dc: 00007ff61f917bba / 0x0107bba: 00 != 44
  726. 2534.14dc: 00007ff61f917bbb / 0x0107bbb: 00 != 44
  727. 2534.14dc: 00007ff61f917bbc / 0x0107bbc: 00 != 49
  728. 2534.14dc: 00007ff61f917bbd / 0x0107bbd: 00 != 4e
  729. 2534.14dc: 00007ff61f917bbe / 0x0107bbe: 00 != 47
  730. 2534.14dc: 00007ff61f917bbf / 0x0107bbf: 00 != 58
  731. 2534.14dc: 00007ff61f917bc0 / 0x0107bc0: 00 != 58
  732. 2534.14dc: 00007ff61f917bc1 / 0x0107bc1: 00 != 50
  733. 2534.14dc: 00007ff61f917bc2 / 0x0107bc2: 00 != 41
  734. 2534.14dc: 00007ff61f917bc3 / 0x0107bc3: 00 != 44
  735. 2534.14dc: 00007ff61f917bc4 / 0x0107bc4: 00 != 44
  736. 2534.14dc: 00007ff61f917bc5 / 0x0107bc5: 00 != 49
  737. 2534.14dc: 00007ff61f917bc6 / 0x0107bc6: 00 != 4e
  738. 2534.14dc: 00007ff61f917bc7 / 0x0107bc7: 00 != 47
  739. 2534.14dc: 00007ff61f917bc8 / 0x0107bc8: 00 != 50
  740. 2534.14dc: 00007ff61f917bc9 / 0x0107bc9: 00 != 41
  741. 2534.14dc: 00007ff61f917bca / 0x0107bca: 00 != 44
  742. 2534.14dc: 00007ff61f917bcb / 0x0107bcb: 00 != 44
  743. 2534.14dc: 00007ff61f917bcc / 0x0107bcc: 00 != 49
  744. 2534.14dc: 00007ff61f917bcd / 0x0107bcd: 00 != 4e
  745. 2534.14dc: 00007ff61f917bce / 0x0107bce: 00 != 47
  746. 2534.14dc: 00007ff61f917bcf / 0x0107bcf: 00 != 58
  747. 2534.14dc: 00007ff61f917bd0 / 0x0107bd0: 00 != 58
  748. 2534.14dc: 00007ff61f917bd1 / 0x0107bd1: 00 != 50
  749. 2534.14dc: 00007ff61f917bd2 / 0x0107bd2: 00 != 41
  750. 2534.14dc: 00007ff61f917bd3 / 0x0107bd3: 00 != 44
  751. 2534.14dc: 00007ff61f917bd4 / 0x0107bd4: 00 != 44
  752. 2534.14dc: 00007ff61f917bd5 / 0x0107bd5: 00 != 49
  753. 2534.14dc: 00007ff61f917bd6 / 0x0107bd6: 00 != 4e
  754. 2534.14dc: 00007ff61f917bd7 / 0x0107bd7: 00 != 47
  755. 2534.14dc: 00007ff61f917bd8 / 0x0107bd8: 00 != 50
  756. 2534.14dc: 00007ff61f917bd9 / 0x0107bd9: 00 != 41
  757. 2534.14dc: 00007ff61f917bda / 0x0107bda: 00 != 44
  758. 2534.14dc: 00007ff61f917bdb / 0x0107bdb: 00 != 44
  759. 2534.14dc: 00007ff61f917bdc / 0x0107bdc: 00 != 49
  760. 2534.14dc: 00007ff61f917bdd / 0x0107bdd: 00 != 4e
  761. 2534.14dc: 00007ff61f917bde / 0x0107bde: 00 != 47
  762. 2534.14dc: 00007ff61f917bdf / 0x0107bdf: 00 != 58
  763. 2534.14dc: 00007ff61f917be0 / 0x0107be0: 00 != 58
  764. 2534.14dc: 00007ff61f917be1 / 0x0107be1: 00 != 50
  765. 2534.14dc: 00007ff61f917be2 / 0x0107be2: 00 != 41
  766. 2534.14dc: 00007ff61f917be3 / 0x0107be3: 00 != 44
  767. 2534.14dc: 00007ff61f917be4 / 0x0107be4: 00 != 44
  768. 2534.14dc: 00007ff61f917be5 / 0x0107be5: 00 != 49
  769. 2534.14dc: 00007ff61f917be6 / 0x0107be6: 00 != 4e
  770. 2534.14dc: 00007ff61f917be7 / 0x0107be7: 00 != 47
  771. 2534.14dc: 00007ff61f917be8 / 0x0107be8: 00 != 50
  772. 2534.14dc: 00007ff61f917be9 / 0x0107be9: 00 != 41
  773. 2534.14dc: 00007ff61f917bea / 0x0107bea: 00 != 44
  774. 2534.14dc: 00007ff61f917beb / 0x0107beb: 00 != 44
  775. 2534.14dc: 00007ff61f917bec / 0x0107bec: 00 != 49
  776. 2534.14dc: 00007ff61f917bed / 0x0107bed: 00 != 4e
  777. 2534.14dc: 00007ff61f917bee / 0x0107bee: 00 != 47
  778. 2534.14dc: 00007ff61f917bef / 0x0107bef: 00 != 58
  779. 2534.14dc: 00007ff61f917bf0 / 0x0107bf0: 00 != 58
  780. 2534.14dc: 00007ff61f917bf1 / 0x0107bf1: 00 != 50
  781. 2534.14dc: 00007ff61f917bf2 / 0x0107bf2: 00 != 41
  782. 2534.14dc: 00007ff61f917bf3 / 0x0107bf3: 00 != 44
  783. 2534.14dc: 00007ff61f917bf4 / 0x0107bf4: 00 != 44
  784. 2534.14dc: 00007ff61f917bf5 / 0x0107bf5: 00 != 49
  785. 2534.14dc: 00007ff61f917bf6 / 0x0107bf6: 00 != 4e
  786. 2534.14dc: 00007ff61f917bf7 / 0x0107bf7: 00 != 47
  787. 2534.14dc: 00007ff61f917bf8 / 0x0107bf8: 00 != 50
  788. 2534.14dc: 00007ff61f917bf9 / 0x0107bf9: 00 != 41
  789. 2534.14dc: 00007ff61f917bfa / 0x0107bfa: 00 != 44
  790. 2534.14dc: 00007ff61f917bfb / 0x0107bfb: 00 != 44
  791. 2534.14dc: 00007ff61f917bfc / 0x0107bfc: 00 != 49
  792. 2534.14dc: 00007ff61f917bfd / 0x0107bfd: 00 != 4e
  793. 2534.14dc: 00007ff61f917bfe / 0x0107bfe: 00 != 47
  794. 2534.14dc: 00007ff61f917bff / 0x0107bff: 00 != 58
  795. 2534.14dc: Restored 0x4d8 bytes of original file content at 00007ff61f917b28
  796. 2534.14dc: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
  797. 2534.14dc: supR3HardNtChildPurify: Startup delay kludge #1/1: 524 ms, 33 sleeps
  798. 2534.14dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  799. 2534.14dc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  800. 2534.14dc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  801. 2534.14dc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
  802. 2534.14dc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
  803. 2534.14dc: 000000007ffea000-000000af27efffff 0x0001/0x0000 0x0000000
  804. 2534.14dc: *000000af27f00000-000000af27ffafff 0x0000/0x0004 0x0020000
  805. 2534.14dc: 000000af27ffb000-000000af27ffdfff 0x0104/0x0004 0x0020000
  806. 2534.14dc: 000000af27ffe000-000000af27ffffff 0x0004/0x0004 0x0020000
  807. 2534.14dc: *000000af28000000-000000af28087fff 0x0000/0x0004 0x0020000
  808. 2534.14dc: 000000af28088000-000000af2808afff 0x0004/0x0004 0x0020000
  809. 2534.14dc: 000000af2808b000-000000af281fffff 0x0000/0x0004 0x0020000
  810. 2534.14dc: 000000af28200000-000002855f25ffff 0x0001/0x0000 0x0000000
  811. 2534.14dc: *000002855f260000-000002855f27ffff 0x0004/0x0004 0x0020000
  812. 2534.14dc: *000002855f280000-000002855f29efff 0x0002/0x0002 0x0040000
  813. 2534.14dc: 000002855f29f000-000002855f29ffff 0x0001/0x0000 0x0000000
  814. 2534.14dc: *000002855f2a0000-000002855f2a3fff 0x0002/0x0002 0x0040000
  815. 2534.14dc: 000002855f2a4000-000002855f2affff 0x0001/0x0000 0x0000000
  816. 2534.14dc: *000002855f2b0000-000002855f2b0fff 0x0002/0x0002 0x0040000
  817. 2534.14dc: 000002855f2b1000-000002855f2bffff 0x0001/0x0000 0x0000000
  818. 2534.14dc: *000002855f2c0000-000002855f2c1fff 0x0004/0x0004 0x0020000
  819. 2534.14dc: 000002855f2c2000-00007df54badffff 0x0001/0x0000 0x0000000
  820. 2534.14dc: *00007df54bae0000-00007df54bae0fff 0x0002/0x0002 0x0040000
  821. 2534.14dc: 00007df54bae1000-00007df54baeffff 0x0001/0x0000 0x0000000
  822. 2534.14dc: *00007df54baf0000-00007df54cf72fff 0x0000/0x0001 0x0040000
  823. 2534.14dc: 00007df54cf73000-00007df54d041fff 0x0001/0x0001 0x0040000
  824. 2534.14dc: 00007df54d042000-00007df54d8d6fff 0x0000/0x0001 0x0040000
  825. 2534.14dc: 00007df54d8d7000-00007df54d8d7fff 0x0001/0x0001 0x0040000
  826. 2534.14dc: 00007df54d8d8000-00007ff5242cffff 0x0000/0x0001 0x0040000
  827. 2534.14dc: 00007ff5242d0000-00007ff5242d4fff 0x0002/0x0001 0x0040000
  828. 2534.14dc: 00007ff5242d5000-00007ff537420fff 0x0000/0x0001 0x0040000
  829. 2534.14dc: 00007ff537421000-00007ff53b123fff 0x0001/0x0001 0x0040000
  830. 2534.14dc: 00007ff53b124000-00007ff53b12cfff 0x0002/0x0001 0x0040000
  831. 2534.14dc: 00007ff53b12d000-00007ff54baeffff 0x0000/0x0001 0x0040000
  832. 2534.14dc: 00007ff54baf0000-00007ff61f80ffff 0x0001/0x0000 0x0000000
  833. 2534.14dc: *00007ff61f810000-00007ff61f810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  834. 2534.14dc: 00007ff61f811000-00007ff61f87bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  835. 2534.14dc: 00007ff61f87c000-00007ff61f87cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  836. 2534.14dc: 00007ff61f87d000-00007ff61f8d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  837. 2534.14dc: 00007ff61f8d2000-00007ff61f8ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  838. 2534.14dc: 00007ff61f8de000-00007ff61f8defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  839. 2534.14dc: 00007ff61f8df000-00007ff61f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  840. 2534.14dc: 00007ff61f91a000-00007ffbd8d0ffff 0x0001/0x0000 0x0000000
  841. 2534.14dc: *00007ffbd8d10000-00007ffbd8d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  842. 2534.14dc: 00007ffbd8d11000-00007ffbd8e41fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  843. 2534.14dc: 00007ffbd8e42000-00007ffbd8e8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  844. 2534.14dc: 00007ffbd8e90000-00007ffbd8e93fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  845. 2534.14dc: 00007ffbd8e94000-00007ffbd8e9bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  846. 2534.14dc: 00007ffbd8e9c000-00007ffbd8eaafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  847. 2534.14dc: 00007ffbd8eab000-00007ffbd8eabfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  848. 2534.14dc: 00007ffbd8eac000-00007ffbd8eaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  849. 2534.14dc: 00007ffbd8eaf000-00007ffbd8f26fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  850. 2534.14dc: 00007ffbd8f27000-00007ffffffeffff 0x0001/0x0000 0x0000000
  851. 2534.14dc: supR3HardNtChildPurify: Done after 794 ms and 1 fixes (loop #1).
  852. 46ec.54b0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbd8d10000 g_uNtVerCombined=0xa0586700 (stack ~000000af27ffecc0)
  853. 46ec.54b0: ntdll.dll: timestamp 0x36d7bcf8 (rc=VINF_SUCCESS)
  854. 46ec.54b0: New simple heap: #1 000002855f3d0000 LB 0x800000 (for 2191360 allocation)
  855. 2534.14dc: supR3HardNtEnableThreadCreationEx:
  856. 46ec.54b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  857. 46ec.54b0: System32: \Device\HarddiskVolume5\Windows\System32
  858. 46ec.54b0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  859. 46ec.54b0: KnownDllPath: C:\Windows\System32
  860. 46ec.54b0: supR3HardenedVmProcessInit: Opening vboxsup stub...
  861. 46ec.54b0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  862. 46ec.54b0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  863. 46ec.54b0: Registered Dll notification callback with NTDLL.
  864. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
  865. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  866. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  867. 46ec.54b0: supR3HardenedDllNotificationCallback: load 00007ffbd5e50000 LB 0x003d1000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
  868. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
  869. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  870. 46ec.54b0: supR3HardenedDllNotificationCallback: load 00007ffbd7870000 LB 0x000c4000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
  871. 46ec.54b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  872. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\KERNEL32.DLL'
  873. 46ec.54b0: supR3HardenedDllNotificationCallback: load 00007ff61f810000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
  874. 46ec.54b0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  875. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  876. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  877. 46ec.54b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbd8d84440 pvNtTerminateThread=00007ffbd8db0e30
  878. 2534.14dc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 75 ms.
  879. 46ec.54b0: \SystemRoot\System32\ntdll.dll:
  880. 46ec.54b0: CreationTime: 2025-03-12T17:32:50.955934500Z
  881. 46ec.54b0: LastWriteTime: 2025-03-12T17:32:51.017206900Z
  882. 46ec.54b0: ChangeTime: 2025-03-13T22:19:28.355125000Z
  883. 46ec.54b0: FileAttributes: 0x20
  884. 46ec.54b0: Size: 0x216038
  885. 46ec.54b0: NT Headers: 0xe8
  886. 46ec.54b0: Timestamp: 0x36d7bcf8
  887. 46ec.54b0: Machine: 0x8664 - amd64
  888. 46ec.54b0: Timestamp: 0x36d7bcf8
  889. 46ec.54b0: Image Version: 10.0
  890. 46ec.54b0: SizeOfImage: 0x217000 (2191360)
  891. 46ec.54b0: Resource Dir: 0x1a0000 LB 0x759a8
  892. 46ec.54b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  893. 46ec.54b0: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  894. 46ec.54b0: ProductName: Microsoft® Windows® Operating System
  895. 46ec.54b0: ProductVersion: 10.0.22621.4974
  896. 46ec.54b0: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  897. 46ec.54b0: FileDescription: NT Layer DLL
  898. 46ec.54b0: \SystemRoot\System32\kernel32.dll:
  899. 46ec.54b0: CreationTime: 2025-03-12T17:32:50.494392400Z
  900. 46ec.54b0: LastWriteTime: 2025-03-12T17:32:50.522189500Z
  901. 46ec.54b0: ChangeTime: 2025-03-13T22:20:04.067768600Z
  902. 46ec.54b0: FileAttributes: 0x20
  903. 46ec.54b0: Size: 0xc7188
  904. 46ec.54b0: NT Headers: 0xe8
  905. 46ec.54b0: Timestamp: 0x8c0b1418
  906. 46ec.54b0: Machine: 0x8664 - amd64
  907. 46ec.54b0: Timestamp: 0x8c0b1418
  908. 46ec.54b0: Image Version: 10.0
  909. 46ec.54b0: SizeOfImage: 0xc4000 (802816)
  910. 46ec.54b0: Resource Dir: 0xc2000 LB 0x520
  911. 46ec.54b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  912. 46ec.54b0: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  913. 46ec.54b0: ProductName: Microsoft® Windows® Operating System
  914. 46ec.54b0: ProductVersion: 10.0.22621.4974
  915. 46ec.54b0: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  916. 46ec.54b0: FileDescription: Windows NT BASE API Client DLL
  917. 46ec.54b0: \SystemRoot\System32\KernelBase.dll:
  918. 46ec.54b0: CreationTime: 2025-03-12T17:32:51.859758200Z
  919. 46ec.54b0: LastWriteTime: 2025-03-12T17:32:52.063051800Z
  920. 46ec.54b0: ChangeTime: 2025-03-13T22:20:04.207799700Z
  921. 46ec.54b0: FileAttributes: 0x20
  922. 46ec.54b0: Size: 0x3d7f18
  923. 46ec.54b0: NT Headers: 0xf8
  924. 46ec.54b0: Timestamp: 0xa29a3610
  925. 46ec.54b0: Machine: 0x8664 - amd64
  926. 46ec.54b0: Timestamp: 0xa29a3610
  927. 46ec.54b0: Image Version: 10.0
  928. 46ec.54b0: SizeOfImage: 0x3d1000 (4001792)
  929. 46ec.54b0: Resource Dir: 0x3a0000 LB 0x548
  930. 46ec.54b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  931. 46ec.54b0: [Raw version resource data: 0x3a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  932. 46ec.54b0: ProductName: Microsoft® Windows® Operating System
  933. 46ec.54b0: ProductVersion: 10.0.22621.5037
  934. 46ec.54b0: FileVersion: 10.0.22621.5037 (WinBuild.160101.0800)
  935. 46ec.54b0: FileDescription: Windows NT BASE API Client DLL
  936. 46ec.54b0: \SystemRoot\System32\apisetschema.dll:
  937. 46ec.54b0: CreationTime: 2024-08-18T12:47:44.848835500Z
  938. 46ec.54b0: LastWriteTime: 2024-08-18T12:47:44.854356200Z
  939. 46ec.54b0: ChangeTime: 2025-03-12T17:34:36.442764200Z
  940. 46ec.54b0: FileAttributes: 0x20
  941. 46ec.54b0: Size: 0x245e0
  942. 46ec.54b0: NT Headers: 0xc8
  943. 46ec.54b0: Timestamp: 0x8f476251
  944. 46ec.54b0: Machine: 0x8664 - amd64
  945. 46ec.54b0: Timestamp: 0x8f476251
  946. 46ec.54b0: Image Version: 10.0
  947. 46ec.54b0: SizeOfImage: 0x23000 (143360)
  948. 46ec.54b0: Resource Dir: 0x22000 LB 0x408
  949. 46ec.54b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  950. 46ec.54b0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  951. 46ec.54b0: ProductName: Microsoft® Windows® Operating System
  952. 46ec.54b0: ProductVersion: 10.0.22621.3958
  953. 46ec.54b0: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
  954. 46ec.54b0: FileDescription: ApiSet Schema DLL
  955. 46ec.54b0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  956. 46ec.54b0: supR3HardenedWinFindAdversaries: 0x0
  957. 46ec.54b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  958. 46ec.54b0: Calling main()
  959. 46ec.54b0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  960. 46ec.54b0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  961. 46ec.54b0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  962. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  963. 46ec.54b0: SUPR3HardenedMain: Respawn #2
  964. 46ec.54b0: supR3HardNtEnableThreadCreationEx:
  965. 46ec.54b0: supR3HardenedDllNotificationCallback: load 00007ffbd6350000 LB 0x00028000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
  966. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
  967. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
  968. 46ec.54b0: supR3HardenedDllNotificationCallback: load 00007ffbd6b90000 LB 0x000a7000 C:\Windows\System32\sechost.dll [fFlags=0x0]
  969. 46ec.54b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
  970. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
  971. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
  972. 46ec.54b0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  973. 46ec.54b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll)
  974. 46ec.54b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  975. 46ec.54b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  976. 46ec.54b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  977. 46ec.54b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  978. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  979. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8d10000 'C:\Windows\System32\ntdll.dll'
  980. 46ec.54b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
  981. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  982. 46ec.54b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'C:\Windows\System32\KernelBase.dll'
  983. 46ec.54b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbd8d84440 pvNtTerminateThread=00007ffbd8db0e30
  984. 46ec.54b0: supR3HardenedWinDoReSpawn(2): New child 3f24.31ac [kernel32].
  985. 46ec.54b0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  986. 46ec.54b0: supR3HardNtChildGatherData: PebBaseAddress=000000b0eb44c000 cbPeb=0x388
  987. 46ec.54b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbd8d10000 uNtDllChildAddr=00007ffbd8d10000
  988. 46ec.54b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbd8d84440
  989. 46ec.54b0: supR3HardenedWinSetupChildInit: Initial context:
  990. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff61f81b850 rdx=000000b0eb44c000
  991. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  992. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  993. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  994. rip=00007ffbd8d6af10 rsp=000000b0eb6fffb8 rbp=0000000000000000 ctxflags=0010001b
  995. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  996. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  997. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  998. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  999. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  1000. 46ec.54b0: kernel32.dll: timestamp 0x8c0b1418 (rc=VINF_SUCCESS)
  1001. 46ec.54b0: supR3HardenedWinSetupChildInit: Start child.
  1002. 46ec.54b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  1003. 46ec.54b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 17 sleeps
  1004. 46ec.54b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  1005. 46ec.54b0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  1006. 46ec.54b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  1007. 46ec.54b0: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
  1008. 46ec.54b0: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
  1009. 46ec.54b0: 000000007ffea000-000000b0eb3fffff 0x0001/0x0000 0x0000000
  1010. 46ec.54b0: *000000b0eb400000-000000b0eb44bfff 0x0000/0x0004 0x0020000
  1011. 46ec.54b0: 000000b0eb44c000-000000b0eb44efff 0x0004/0x0004 0x0020000
  1012. 46ec.54b0: 000000b0eb44f000-000000b0eb5fffff 0x0000/0x0004 0x0020000
  1013. 46ec.54b0: *000000b0eb600000-000000b0eb6fafff 0x0000/0x0004 0x0020000
  1014. 46ec.54b0: 000000b0eb6fb000-000000b0eb6fdfff 0x0104/0x0004 0x0020000
  1015. 46ec.54b0: 000000b0eb6fe000-000000b0eb6fffff 0x0004/0x0004 0x0020000
  1016. 46ec.54b0: 000000b0eb700000-000002440d71ffff 0x0001/0x0000 0x0000000
  1017. 46ec.54b0: *000002440d720000-000002440d73ffff 0x0004/0x0004 0x0020000
  1018. 46ec.54b0: *000002440d740000-000002440d75efff 0x0002/0x0002 0x0040000
  1019. 46ec.54b0: 000002440d75f000-000002440d75ffff 0x0001/0x0000 0x0000000
  1020. 46ec.54b0: *000002440d760000-000002440d763fff 0x0002/0x0002 0x0040000
  1021. 46ec.54b0: 000002440d764000-000002440d76ffff 0x0001/0x0000 0x0000000
  1022. 46ec.54b0: *000002440d770000-000002440d770fff 0x0002/0x0002 0x0040000
  1023. 46ec.54b0: 000002440d771000-000002440d77ffff 0x0001/0x0000 0x0000000
  1024. 46ec.54b0: *000002440d780000-000002440d781fff 0x0004/0x0004 0x0020000
  1025. 46ec.54b0: 000002440d782000-00007df542f5ffff 0x0001/0x0000 0x0000000
  1026. 46ec.54b0: *00007df542f60000-00007df542f60fff 0x0002/0x0002 0x0040000
  1027. 46ec.54b0: 00007df542f61000-00007df542f6ffff 0x0001/0x0000 0x0000000
  1028. 46ec.54b0: *00007df542f70000-00007df5443f2fff 0x0000/0x0001 0x0040000
  1029. 46ec.54b0: 00007df5443f3000-00007df5444c1fff 0x0001/0x0001 0x0040000
  1030. 46ec.54b0: 00007df5444c2000-00007df544d56fff 0x0000/0x0001 0x0040000
  1031. 46ec.54b0: 00007df544d57000-00007df544d57fff 0x0001/0x0001 0x0040000
  1032. 46ec.54b0: 00007df544d58000-00007ff51b74ffff 0x0000/0x0001 0x0040000
  1033. 46ec.54b0: 00007ff51b750000-00007ff51b754fff 0x0002/0x0001 0x0040000
  1034. 46ec.54b0: 00007ff51b755000-00007ff52e8a0fff 0x0000/0x0001 0x0040000
  1035. 46ec.54b0: 00007ff52e8a1000-00007ff5325a3fff 0x0001/0x0001 0x0040000
  1036. 46ec.54b0: 00007ff5325a4000-00007ff5325acfff 0x0002/0x0001 0x0040000
  1037. 46ec.54b0: 00007ff5325ad000-00007ff542f6ffff 0x0000/0x0001 0x0040000
  1038. 46ec.54b0: 00007ff542f70000-00007ff61f80ffff 0x0001/0x0000 0x0000000
  1039. 46ec.54b0: *00007ff61f810000-00007ff61f810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1040. 46ec.54b0: 00007ff61f811000-00007ff61f87bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1041. 46ec.54b0: 00007ff61f87c000-00007ff61f87cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1042. 46ec.54b0: 00007ff61f87d000-00007ff61f8d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1043. 46ec.54b0: 00007ff61f8d2000-00007ff61f8d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1044. 46ec.54b0: 00007ff61f8d3000-00007ff61f8d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1045. 46ec.54b0: 00007ff61f8d4000-00007ff61f8d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1046. 46ec.54b0: 00007ff61f8d9000-00007ff61f8defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1047. 46ec.54b0: 00007ff61f8df000-00007ff61f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1048. 46ec.54b0: 00007ff61f91a000-00007ffbd8d0ffff 0x0001/0x0000 0x0000000
  1049. 46ec.54b0: *00007ffbd8d10000-00007ffbd8d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1050. 46ec.54b0: 00007ffbd8d11000-00007ffbd8e41fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1051. 46ec.54b0: 00007ffbd8e42000-00007ffbd8e8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1052. 46ec.54b0: 00007ffbd8e90000-00007ffbd8e9bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1053. 46ec.54b0: 00007ffbd8e9c000-00007ffbd8eaafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1054. 46ec.54b0: 00007ffbd8eab000-00007ffbd8eabfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1055. 46ec.54b0: 00007ffbd8eac000-00007ffbd8eaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1056. 46ec.54b0: 00007ffbd8eaf000-00007ffbd8f26fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1057. 46ec.54b0: 00007ffbd8f27000-00007ffffffeffff 0x0001/0x0000 0x0000000
  1058. 46ec.54b0: VirtualBoxVM.exe: timestamp 0x678f9dd6 (rc=VINF_SUCCESS)
  1059. 46ec.54b0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1060. 46ec.54b0: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  1061. 46ec.54b0: 00007ff61f917b28 / 0x0107b28: 00 != 50
  1062. 46ec.54b0: 00007ff61f917b29 / 0x0107b29: 00 != 41
  1063. 46ec.54b0: 00007ff61f917b2a / 0x0107b2a: 00 != 44
  1064. 46ec.54b0: 00007ff61f917b2b / 0x0107b2b: 00 != 44
  1065. 46ec.54b0: 00007ff61f917b2c / 0x0107b2c: 00 != 49
  1066. 46ec.54b0: 00007ff61f917b2d / 0x0107b2d: 00 != 4e
  1067. 46ec.54b0: 00007ff61f917b2e / 0x0107b2e: 00 != 47
  1068. 46ec.54b0: 00007ff61f917b2f / 0x0107b2f: 00 != 58
  1069. 46ec.54b0: 00007ff61f917b30 / 0x0107b30: 00 != 58
  1070. 46ec.54b0: 00007ff61f917b31 / 0x0107b31: 00 != 50
  1071. 46ec.54b0: 00007ff61f917b32 / 0x0107b32: 00 != 41
  1072. 46ec.54b0: 00007ff61f917b33 / 0x0107b33: 00 != 44
  1073. 46ec.54b0: 00007ff61f917b34 / 0x0107b34: 00 != 44
  1074. 46ec.54b0: 00007ff61f917b35 / 0x0107b35: 00 != 49
  1075. 46ec.54b0: 00007ff61f917b36 / 0x0107b36: 00 != 4e
  1076. 46ec.54b0: 00007ff61f917b37 / 0x0107b37: 00 != 47
  1077. 46ec.54b0: 00007ff61f917b38 / 0x0107b38: 00 != 50
  1078. 46ec.54b0: 00007ff61f917b39 / 0x0107b39: 00 != 41
  1079. 46ec.54b0: 00007ff61f917b3a / 0x0107b3a: 00 != 44
  1080. 46ec.54b0: 00007ff61f917b3b / 0x0107b3b: 00 != 44
  1081. 46ec.54b0: 00007ff61f917b3c / 0x0107b3c: 00 != 49
  1082. 46ec.54b0: 00007ff61f917b3d / 0x0107b3d: 00 != 4e
  1083. 46ec.54b0: 00007ff61f917b3e / 0x0107b3e: 00 != 47
  1084. 46ec.54b0: 00007ff61f917b3f / 0x0107b3f: 00 != 58
  1085. 46ec.54b0: 00007ff61f917b40 / 0x0107b40: 00 != 58
  1086. 46ec.54b0: 00007ff61f917b41 / 0x0107b41: 00 != 50
  1087. 46ec.54b0: 00007ff61f917b42 / 0x0107b42: 00 != 41
  1088. 46ec.54b0: 00007ff61f917b43 / 0x0107b43: 00 != 44
  1089. 46ec.54b0: 00007ff61f917b44 / 0x0107b44: 00 != 44
  1090. 46ec.54b0: 00007ff61f917b45 / 0x0107b45: 00 != 49
  1091. 46ec.54b0: 00007ff61f917b46 / 0x0107b46: 00 != 4e
  1092. 46ec.54b0: 00007ff61f917b47 / 0x0107b47: 00 != 47
  1093. 46ec.54b0: 00007ff61f917b48 / 0x0107b48: 00 != 50
  1094. 46ec.54b0: 00007ff61f917b49 / 0x0107b49: 00 != 41
  1095. 46ec.54b0: 00007ff61f917b4a / 0x0107b4a: 00 != 44
  1096. 46ec.54b0: 00007ff61f917b4b / 0x0107b4b: 00 != 44
  1097. 46ec.54b0: 00007ff61f917b4c / 0x0107b4c: 00 != 49
  1098. 46ec.54b0: 00007ff61f917b4d / 0x0107b4d: 00 != 4e
  1099. 46ec.54b0: 00007ff61f917b4e / 0x0107b4e: 00 != 47
  1100. 46ec.54b0: 00007ff61f917b4f / 0x0107b4f: 00 != 58
  1101. 46ec.54b0: 00007ff61f917b50 / 0x0107b50: 00 != 58
  1102. 46ec.54b0: 00007ff61f917b51 / 0x0107b51: 00 != 50
  1103. 46ec.54b0: 00007ff61f917b52 / 0x0107b52: 00 != 41
  1104. 46ec.54b0: 00007ff61f917b53 / 0x0107b53: 00 != 44
  1105. 46ec.54b0: 00007ff61f917b54 / 0x0107b54: 00 != 44
  1106. 46ec.54b0: 00007ff61f917b55 / 0x0107b55: 00 != 49
  1107. 46ec.54b0: 00007ff61f917b56 / 0x0107b56: 00 != 4e
  1108. 46ec.54b0: 00007ff61f917b57 / 0x0107b57: 00 != 47
  1109. 46ec.54b0: 00007ff61f917b58 / 0x0107b58: 00 != 50
  1110. 46ec.54b0: 00007ff61f917b59 / 0x0107b59: 00 != 41
  1111. 46ec.54b0: 00007ff61f917b5a / 0x0107b5a: 00 != 44
  1112. 46ec.54b0: 00007ff61f917b5b / 0x0107b5b: 00 != 44
  1113. 46ec.54b0: 00007ff61f917b5c / 0x0107b5c: 00 != 49
  1114. 46ec.54b0: 00007ff61f917b5d / 0x0107b5d: 00 != 4e
  1115. 46ec.54b0: 00007ff61f917b5e / 0x0107b5e: 00 != 47
  1116. 46ec.54b0: 00007ff61f917b5f / 0x0107b5f: 00 != 58
  1117. 46ec.54b0: 00007ff61f917b60 / 0x0107b60: 00 != 58
  1118. 46ec.54b0: 00007ff61f917b61 / 0x0107b61: 00 != 50
  1119. 46ec.54b0: 00007ff61f917b62 / 0x0107b62: 00 != 41
  1120. 46ec.54b0: 00007ff61f917b63 / 0x0107b63: 00 != 44
  1121. 46ec.54b0: 00007ff61f917b64 / 0x0107b64: 00 != 44
  1122. 46ec.54b0: 00007ff61f917b65 / 0x0107b65: 00 != 49
  1123. 46ec.54b0: 00007ff61f917b66 / 0x0107b66: 00 != 4e
  1124. 46ec.54b0: 00007ff61f917b67 / 0x0107b67: 00 != 47
  1125. 46ec.54b0: 00007ff61f917b68 / 0x0107b68: 00 != 50
  1126. 46ec.54b0: 00007ff61f917b69 / 0x0107b69: 00 != 41
  1127. 46ec.54b0: 00007ff61f917b6a / 0x0107b6a: 00 != 44
  1128. 46ec.54b0: 00007ff61f917b6b / 0x0107b6b: 00 != 44
  1129. 46ec.54b0: 00007ff61f917b6c / 0x0107b6c: 00 != 49
  1130. 46ec.54b0: 00007ff61f917b6d / 0x0107b6d: 00 != 4e
  1131. 46ec.54b0: 00007ff61f917b6e / 0x0107b6e: 00 != 47
  1132. 46ec.54b0: 00007ff61f917b6f / 0x0107b6f: 00 != 58
  1133. 46ec.54b0: 00007ff61f917b70 / 0x0107b70: 00 != 58
  1134. 46ec.54b0: 00007ff61f917b71 / 0x0107b71: 00 != 50
  1135. 46ec.54b0: 00007ff61f917b72 / 0x0107b72: 00 != 41
  1136. 46ec.54b0: 00007ff61f917b73 / 0x0107b73: 00 != 44
  1137. 46ec.54b0: 00007ff61f917b74 / 0x0107b74: 00 != 44
  1138. 46ec.54b0: 00007ff61f917b75 / 0x0107b75: 00 != 49
  1139. 46ec.54b0: 00007ff61f917b76 / 0x0107b76: 00 != 4e
  1140. 46ec.54b0: 00007ff61f917b77 / 0x0107b77: 00 != 47
  1141. 46ec.54b0: 00007ff61f917b78 / 0x0107b78: 00 != 50
  1142. 46ec.54b0: 00007ff61f917b79 / 0x0107b79: 00 != 41
  1143. 46ec.54b0: 00007ff61f917b7a / 0x0107b7a: 00 != 44
  1144. 46ec.54b0: 00007ff61f917b7b / 0x0107b7b: 00 != 44
  1145. 46ec.54b0: 00007ff61f917b7c / 0x0107b7c: 00 != 49
  1146. 46ec.54b0: 00007ff61f917b7d / 0x0107b7d: 00 != 4e
  1147. 46ec.54b0: 00007ff61f917b7e / 0x0107b7e: 00 != 47
  1148. 46ec.54b0: 00007ff61f917b7f / 0x0107b7f: 00 != 58
  1149. 46ec.54b0: 00007ff61f917b80 / 0x0107b80: 00 != 58
  1150. 46ec.54b0: 00007ff61f917b81 / 0x0107b81: 00 != 50
  1151. 46ec.54b0: 00007ff61f917b82 / 0x0107b82: 00 != 41
  1152. 46ec.54b0: 00007ff61f917b83 / 0x0107b83: 00 != 44
  1153. 46ec.54b0: 00007ff61f917b84 / 0x0107b84: 00 != 44
  1154. 46ec.54b0: 00007ff61f917b85 / 0x0107b85: 00 != 49
  1155. 46ec.54b0: 00007ff61f917b86 / 0x0107b86: 00 != 4e
  1156. 46ec.54b0: 00007ff61f917b87 / 0x0107b87: 00 != 47
  1157. 46ec.54b0: 00007ff61f917b88 / 0x0107b88: 00 != 50
  1158. 46ec.54b0: 00007ff61f917b89 / 0x0107b89: 00 != 41
  1159. 46ec.54b0: 00007ff61f917b8a / 0x0107b8a: 00 != 44
  1160. 46ec.54b0: 00007ff61f917b8b / 0x0107b8b: 00 != 44
  1161. 46ec.54b0: 00007ff61f917b8c / 0x0107b8c: 00 != 49
  1162. 46ec.54b0: 00007ff61f917b8d / 0x0107b8d: 00 != 4e
  1163. 46ec.54b0: 00007ff61f917b8e / 0x0107b8e: 00 != 47
  1164. 46ec.54b0: 00007ff61f917b8f / 0x0107b8f: 00 != 58
  1165. 46ec.54b0: 00007ff61f917b90 / 0x0107b90: 00 != 58
  1166. 46ec.54b0: 00007ff61f917b91 / 0x0107b91: 00 != 50
  1167. 46ec.54b0: 00007ff61f917b92 / 0x0107b92: 00 != 41
  1168. 46ec.54b0: 00007ff61f917b93 / 0x0107b93: 00 != 44
  1169. 46ec.54b0: 00007ff61f917b94 / 0x0107b94: 00 != 44
  1170. 46ec.54b0: 00007ff61f917b95 / 0x0107b95: 00 != 49
  1171. 46ec.54b0: 00007ff61f917b96 / 0x0107b96: 00 != 4e
  1172. 46ec.54b0: 00007ff61f917b97 / 0x0107b97: 00 != 47
  1173. 46ec.54b0: 00007ff61f917b98 / 0x0107b98: 00 != 50
  1174. 46ec.54b0: 00007ff61f917b99 / 0x0107b99: 00 != 41
  1175. 46ec.54b0: 00007ff61f917b9a / 0x0107b9a: 00 != 44
  1176. 46ec.54b0: 00007ff61f917b9b / 0x0107b9b: 00 != 44
  1177. 46ec.54b0: 00007ff61f917b9c / 0x0107b9c: 00 != 49
  1178. 46ec.54b0: 00007ff61f917b9d / 0x0107b9d: 00 != 4e
  1179. 46ec.54b0: 00007ff61f917b9e / 0x0107b9e: 00 != 47
  1180. 46ec.54b0: 00007ff61f917b9f / 0x0107b9f: 00 != 58
  1181. 46ec.54b0: 00007ff61f917ba0 / 0x0107ba0: 00 != 58
  1182. 46ec.54b0: 00007ff61f917ba1 / 0x0107ba1: 00 != 50
  1183. 46ec.54b0: 00007ff61f917ba2 / 0x0107ba2: 00 != 41
  1184. 46ec.54b0: 00007ff61f917ba3 / 0x0107ba3: 00 != 44
  1185. 46ec.54b0: 00007ff61f917ba4 / 0x0107ba4: 00 != 44
  1186. 46ec.54b0: 00007ff61f917ba5 / 0x0107ba5: 00 != 49
  1187. 46ec.54b0: 00007ff61f917ba6 / 0x0107ba6: 00 != 4e
  1188. 46ec.54b0: 00007ff61f917ba7 / 0x0107ba7: 00 != 47
  1189. 46ec.54b0: 00007ff61f917ba8 / 0x0107ba8: 00 != 50
  1190. 46ec.54b0: 00007ff61f917ba9 / 0x0107ba9: 00 != 41
  1191. 46ec.54b0: 00007ff61f917baa / 0x0107baa: 00 != 44
  1192. 46ec.54b0: 00007ff61f917bab / 0x0107bab: 00 != 44
  1193. 46ec.54b0: 00007ff61f917bac / 0x0107bac: 00 != 49
  1194. 46ec.54b0: 00007ff61f917bad / 0x0107bad: 00 != 4e
  1195. 46ec.54b0: 00007ff61f917bae / 0x0107bae: 00 != 47
  1196. 46ec.54b0: 00007ff61f917baf / 0x0107baf: 00 != 58
  1197. 46ec.54b0: 00007ff61f917bb0 / 0x0107bb0: 00 != 58
  1198. 46ec.54b0: 00007ff61f917bb1 / 0x0107bb1: 00 != 50
  1199. 46ec.54b0: 00007ff61f917bb2 / 0x0107bb2: 00 != 41
  1200. 46ec.54b0: 00007ff61f917bb3 / 0x0107bb3: 00 != 44
  1201. 46ec.54b0: 00007ff61f917bb4 / 0x0107bb4: 00 != 44
  1202. 46ec.54b0: 00007ff61f917bb5 / 0x0107bb5: 00 != 49
  1203. 46ec.54b0: 00007ff61f917bb6 / 0x0107bb6: 00 != 4e
  1204. 46ec.54b0: 00007ff61f917bb7 / 0x0107bb7: 00 != 47
  1205. 46ec.54b0: 00007ff61f917bb8 / 0x0107bb8: 00 != 50
  1206. 46ec.54b0: 00007ff61f917bb9 / 0x0107bb9: 00 != 41
  1207. 46ec.54b0: 00007ff61f917bba / 0x0107bba: 00 != 44
  1208. 46ec.54b0: 00007ff61f917bbb / 0x0107bbb: 00 != 44
  1209. 46ec.54b0: 00007ff61f917bbc / 0x0107bbc: 00 != 49
  1210. 46ec.54b0: 00007ff61f917bbd / 0x0107bbd: 00 != 4e
  1211. 46ec.54b0: 00007ff61f917bbe / 0x0107bbe: 00 != 47
  1212. 46ec.54b0: 00007ff61f917bbf / 0x0107bbf: 00 != 58
  1213. 46ec.54b0: 00007ff61f917bc0 / 0x0107bc0: 00 != 58
  1214. 46ec.54b0: 00007ff61f917bc1 / 0x0107bc1: 00 != 50
  1215. 46ec.54b0: 00007ff61f917bc2 / 0x0107bc2: 00 != 41
  1216. 46ec.54b0: 00007ff61f917bc3 / 0x0107bc3: 00 != 44
  1217. 46ec.54b0: 00007ff61f917bc4 / 0x0107bc4: 00 != 44
  1218. 46ec.54b0: 00007ff61f917bc5 / 0x0107bc5: 00 != 49
  1219. 46ec.54b0: 00007ff61f917bc6 / 0x0107bc6: 00 != 4e
  1220. 46ec.54b0: 00007ff61f917bc7 / 0x0107bc7: 00 != 47
  1221. 46ec.54b0: 00007ff61f917bc8 / 0x0107bc8: 00 != 50
  1222. 46ec.54b0: 00007ff61f917bc9 / 0x0107bc9: 00 != 41
  1223. 46ec.54b0: 00007ff61f917bca / 0x0107bca: 00 != 44
  1224. 46ec.54b0: 00007ff61f917bcb / 0x0107bcb: 00 != 44
  1225. 46ec.54b0: 00007ff61f917bcc / 0x0107bcc: 00 != 49
  1226. 46ec.54b0: 00007ff61f917bcd / 0x0107bcd: 00 != 4e
  1227. 46ec.54b0: 00007ff61f917bce / 0x0107bce: 00 != 47
  1228. 46ec.54b0: 00007ff61f917bcf / 0x0107bcf: 00 != 58
  1229. 46ec.54b0: 00007ff61f917bd0 / 0x0107bd0: 00 != 58
  1230. 46ec.54b0: 00007ff61f917bd1 / 0x0107bd1: 00 != 50
  1231. 46ec.54b0: 00007ff61f917bd2 / 0x0107bd2: 00 != 41
  1232. 46ec.54b0: 00007ff61f917bd3 / 0x0107bd3: 00 != 44
  1233. 46ec.54b0: 00007ff61f917bd4 / 0x0107bd4: 00 != 44
  1234. 46ec.54b0: 00007ff61f917bd5 / 0x0107bd5: 00 != 49
  1235. 46ec.54b0: 00007ff61f917bd6 / 0x0107bd6: 00 != 4e
  1236. 46ec.54b0: 00007ff61f917bd7 / 0x0107bd7: 00 != 47
  1237. 46ec.54b0: 00007ff61f917bd8 / 0x0107bd8: 00 != 50
  1238. 46ec.54b0: 00007ff61f917bd9 / 0x0107bd9: 00 != 41
  1239. 46ec.54b0: 00007ff61f917bda / 0x0107bda: 00 != 44
  1240. 46ec.54b0: 00007ff61f917bdb / 0x0107bdb: 00 != 44
  1241. 46ec.54b0: 00007ff61f917bdc / 0x0107bdc: 00 != 49
  1242. 46ec.54b0: 00007ff61f917bdd / 0x0107bdd: 00 != 4e
  1243. 46ec.54b0: 00007ff61f917bde / 0x0107bde: 00 != 47
  1244. 46ec.54b0: 00007ff61f917bdf / 0x0107bdf: 00 != 58
  1245. 46ec.54b0: 00007ff61f917be0 / 0x0107be0: 00 != 58
  1246. 46ec.54b0: 00007ff61f917be1 / 0x0107be1: 00 != 50
  1247. 46ec.54b0: 00007ff61f917be2 / 0x0107be2: 00 != 41
  1248. 46ec.54b0: 00007ff61f917be3 / 0x0107be3: 00 != 44
  1249. 46ec.54b0: 00007ff61f917be4 / 0x0107be4: 00 != 44
  1250. 46ec.54b0: 00007ff61f917be5 / 0x0107be5: 00 != 49
  1251. 46ec.54b0: 00007ff61f917be6 / 0x0107be6: 00 != 4e
  1252. 46ec.54b0: 00007ff61f917be7 / 0x0107be7: 00 != 47
  1253. 46ec.54b0: 00007ff61f917be8 / 0x0107be8: 00 != 50
  1254. 46ec.54b0: 00007ff61f917be9 / 0x0107be9: 00 != 41
  1255. 46ec.54b0: 00007ff61f917bea / 0x0107bea: 00 != 44
  1256. 46ec.54b0: 00007ff61f917beb / 0x0107beb: 00 != 44
  1257. 46ec.54b0: 00007ff61f917bec / 0x0107bec: 00 != 49
  1258. 46ec.54b0: 00007ff61f917bed / 0x0107bed: 00 != 4e
  1259. 46ec.54b0: 00007ff61f917bee / 0x0107bee: 00 != 47
  1260. 46ec.54b0: 00007ff61f917bef / 0x0107bef: 00 != 58
  1261. 46ec.54b0: 00007ff61f917bf0 / 0x0107bf0: 00 != 58
  1262. 46ec.54b0: 00007ff61f917bf1 / 0x0107bf1: 00 != 50
  1263. 46ec.54b0: 00007ff61f917bf2 / 0x0107bf2: 00 != 41
  1264. 46ec.54b0: 00007ff61f917bf3 / 0x0107bf3: 00 != 44
  1265. 46ec.54b0: 00007ff61f917bf4 / 0x0107bf4: 00 != 44
  1266. 46ec.54b0: 00007ff61f917bf5 / 0x0107bf5: 00 != 49
  1267. 46ec.54b0: 00007ff61f917bf6 / 0x0107bf6: 00 != 4e
  1268. 46ec.54b0: 00007ff61f917bf7 / 0x0107bf7: 00 != 47
  1269. 46ec.54b0: 00007ff61f917bf8 / 0x0107bf8: 00 != 50
  1270. 46ec.54b0: 00007ff61f917bf9 / 0x0107bf9: 00 != 41
  1271. 46ec.54b0: 00007ff61f917bfa / 0x0107bfa: 00 != 44
  1272. 46ec.54b0: 00007ff61f917bfb / 0x0107bfb: 00 != 44
  1273. 46ec.54b0: 00007ff61f917bfc / 0x0107bfc: 00 != 49
  1274. 46ec.54b0: 00007ff61f917bfd / 0x0107bfd: 00 != 4e
  1275. 46ec.54b0: 00007ff61f917bfe / 0x0107bfe: 00 != 47
  1276. 46ec.54b0: 00007ff61f917bff / 0x0107bff: 00 != 58
  1277. 46ec.54b0: Restored 0x4d8 bytes of original file content at 00007ff61f917b28
  1278. 46ec.54b0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  1279. 46ec.54b0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
  1280. 46ec.54b0: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
  1281. 46ec.54b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  1282. 46ec.54b0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  1283. 46ec.54b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  1284. 46ec.54b0: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
  1285. 46ec.54b0: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
  1286. 46ec.54b0: 000000007ffea000-000000b0eb3fffff 0x0001/0x0000 0x0000000
  1287. 46ec.54b0: *000000b0eb400000-000000b0eb44bfff 0x0000/0x0004 0x0020000
  1288. 46ec.54b0: 000000b0eb44c000-000000b0eb44efff 0x0004/0x0004 0x0020000
  1289. 46ec.54b0: 000000b0eb44f000-000000b0eb5fffff 0x0000/0x0004 0x0020000
  1290. 46ec.54b0: *000000b0eb600000-000000b0eb6fafff 0x0000/0x0004 0x0020000
  1291. 46ec.54b0: 000000b0eb6fb000-000000b0eb6fdfff 0x0104/0x0004 0x0020000
  1292. 46ec.54b0: 000000b0eb6fe000-000000b0eb6fffff 0x0004/0x0004 0x0020000
  1293. 46ec.54b0: 000000b0eb700000-000002440d71ffff 0x0001/0x0000 0x0000000
  1294. 46ec.54b0: *000002440d720000-000002440d73ffff 0x0004/0x0004 0x0020000
  1295. 46ec.54b0: *000002440d740000-000002440d75efff 0x0002/0x0002 0x0040000
  1296. 46ec.54b0: 000002440d75f000-000002440d75ffff 0x0001/0x0000 0x0000000
  1297. 46ec.54b0: *000002440d760000-000002440d763fff 0x0002/0x0002 0x0040000
  1298. 46ec.54b0: 000002440d764000-000002440d76ffff 0x0001/0x0000 0x0000000
  1299. 46ec.54b0: *000002440d770000-000002440d770fff 0x0002/0x0002 0x0040000
  1300. 46ec.54b0: 000002440d771000-000002440d77ffff 0x0001/0x0000 0x0000000
  1301. 46ec.54b0: *000002440d780000-000002440d781fff 0x0004/0x0004 0x0020000
  1302. 46ec.54b0: 000002440d782000-00007df542f5ffff 0x0001/0x0000 0x0000000
  1303. 46ec.54b0: *00007df542f60000-00007df542f60fff 0x0002/0x0002 0x0040000
  1304. 46ec.54b0: 00007df542f61000-00007df542f6ffff 0x0001/0x0000 0x0000000
  1305. 46ec.54b0: *00007df542f70000-00007df5443f2fff 0x0000/0x0001 0x0040000
  1306. 46ec.54b0: 00007df5443f3000-00007df5444c1fff 0x0001/0x0001 0x0040000
  1307. 46ec.54b0: 00007df5444c2000-00007df544d56fff 0x0000/0x0001 0x0040000
  1308. 46ec.54b0: 00007df544d57000-00007df544d57fff 0x0001/0x0001 0x0040000
  1309. 46ec.54b0: 00007df544d58000-00007ff51b74ffff 0x0000/0x0001 0x0040000
  1310. 46ec.54b0: 00007ff51b750000-00007ff51b754fff 0x0002/0x0001 0x0040000
  1311. 46ec.54b0: 00007ff51b755000-00007ff52e8a0fff 0x0000/0x0001 0x0040000
  1312. 46ec.54b0: 00007ff52e8a1000-00007ff5325a3fff 0x0001/0x0001 0x0040000
  1313. 46ec.54b0: 00007ff5325a4000-00007ff5325acfff 0x0002/0x0001 0x0040000
  1314. 46ec.54b0: 00007ff5325ad000-00007ff542f6ffff 0x0000/0x0001 0x0040000
  1315. 46ec.54b0: 00007ff542f70000-00007ff61f80ffff 0x0001/0x0000 0x0000000
  1316. 46ec.54b0: *00007ff61f810000-00007ff61f810fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1317. 46ec.54b0: 00007ff61f811000-00007ff61f87bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1318. 46ec.54b0: 00007ff61f87c000-00007ff61f87cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1319. 46ec.54b0: 00007ff61f87d000-00007ff61f8d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1320. 46ec.54b0: 00007ff61f8d2000-00007ff61f8ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1321. 46ec.54b0: 00007ff61f8de000-00007ff61f8defff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1322. 46ec.54b0: 00007ff61f8df000-00007ff61f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1323. 46ec.54b0: 00007ff61f91a000-00007ffbd8d0ffff 0x0001/0x0000 0x0000000
  1324. 46ec.54b0: *00007ffbd8d10000-00007ffbd8d10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1325. 46ec.54b0: 00007ffbd8d11000-00007ffbd8e41fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1326. 46ec.54b0: 00007ffbd8e42000-00007ffbd8e8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1327. 46ec.54b0: 00007ffbd8e90000-00007ffbd8e93fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1328. 46ec.54b0: 00007ffbd8e94000-00007ffbd8e9bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1329. 46ec.54b0: 00007ffbd8e9c000-00007ffbd8eaafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1330. 46ec.54b0: 00007ffbd8eab000-00007ffbd8eabfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1331. 46ec.54b0: 00007ffbd8eac000-00007ffbd8eaefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1332. 46ec.54b0: 00007ffbd8eaf000-00007ffbd8f26fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  1333. 46ec.54b0: 00007ffbd8f27000-00007ffffffeffff 0x0001/0x0000 0x0000000
  1334. 46ec.54b0: supR3HardNtChildPurify: Done after 814 ms and 1 fixes (loop #1).
  1335. 3f24.31ac: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbd8d10000 g_uNtVerCombined=0xa0586700 (stack ~000000b0eb6fed80)
  1336. 46ec.54b0: supR3HardenedEarlyCompact: Removed heap 1 (0x0002855f3d0000 LB 0x800000)
  1337. 46ec.54b0: supR3HardNtEnableThreadCreationEx:
  1338. 3f24.31ac: ntdll.dll: timestamp 0x36d7bcf8 (rc=VINF_SUCCESS)
  1339. 3f24.31ac: New simple heap: #1 000002440d890000 LB 0x800000 (for 2191360 allocation)
  1340. 3f24.31ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  1341. 3f24.31ac: System32: \Device\HarddiskVolume5\Windows\System32
  1342. 3f24.31ac: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
  1343. 3f24.31ac: KnownDllPath: C:\Windows\System32
  1344. 3f24.31ac: supR3HardenedVmProcessInit: Opening vboxsup...
  1345. 3f24.31ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  1346. 3f24.31ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  1347. 3f24.31ac: Registered Dll notification callback with NTDLL.
  1348. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
  1349. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  1350. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  1351. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5e50000 LB 0x003d1000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
  1352. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
  1353. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
  1354. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7870000 LB 0x000c4000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
  1355. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  1356. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\KERNEL32.DLL'
  1357. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ff61f810000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
  1358. 3f24.31ac: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1359. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  1360. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1361. 3f24.31ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbd8d84440 pvNtTerminateThread=00007ffbd8db0e30
  1362. 46ec.54b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 92 ms.
  1363. 3f24.31ac: \SystemRoot\System32\ntdll.dll:
  1364. 3f24.31ac: CreationTime: 2025-03-12T17:32:50.955934500Z
  1365. 3f24.31ac: LastWriteTime: 2025-03-12T17:32:51.017206900Z
  1366. 3f24.31ac: ChangeTime: 2025-03-13T22:19:28.355125000Z
  1367. 3f24.31ac: FileAttributes: 0x20
  1368. 3f24.31ac: Size: 0x216038
  1369. 3f24.31ac: NT Headers: 0xe8
  1370. 3f24.31ac: Timestamp: 0x36d7bcf8
  1371. 3f24.31ac: Machine: 0x8664 - amd64
  1372. 3f24.31ac: Timestamp: 0x36d7bcf8
  1373. 3f24.31ac: Image Version: 10.0
  1374. 3f24.31ac: SizeOfImage: 0x217000 (2191360)
  1375. 3f24.31ac: Resource Dir: 0x1a0000 LB 0x759a8
  1376. 3f24.31ac: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1377. 3f24.31ac: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  1378. 3f24.31ac: ProductName: Microsoft® Windows® Operating System
  1379. 3f24.31ac: ProductVersion: 10.0.22621.4974
  1380. 3f24.31ac: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  1381. 3f24.31ac: FileDescription: NT Layer DLL
  1382. 3f24.31ac: \SystemRoot\System32\kernel32.dll:
  1383. 3f24.31ac: CreationTime: 2025-03-12T17:32:50.494392400Z
  1384. 3f24.31ac: LastWriteTime: 2025-03-12T17:32:50.522189500Z
  1385. 3f24.31ac: ChangeTime: 2025-03-13T22:20:04.067768600Z
  1386. 3f24.31ac: FileAttributes: 0x20
  1387. 3f24.31ac: Size: 0xc7188
  1388. 3f24.31ac: NT Headers: 0xe8
  1389. 3f24.31ac: Timestamp: 0x8c0b1418
  1390. 3f24.31ac: Machine: 0x8664 - amd64
  1391. 3f24.31ac: Timestamp: 0x8c0b1418
  1392. 3f24.31ac: Image Version: 10.0
  1393. 3f24.31ac: SizeOfImage: 0xc4000 (802816)
  1394. 3f24.31ac: Resource Dir: 0xc2000 LB 0x520
  1395. 3f24.31ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1396. 3f24.31ac: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  1397. 3f24.31ac: ProductName: Microsoft® Windows® Operating System
  1398. 3f24.31ac: ProductVersion: 10.0.22621.4974
  1399. 3f24.31ac: FileVersion: 10.0.22621.4974 (WinBuild.160101.0800)
  1400. 3f24.31ac: FileDescription: Windows NT BASE API Client DLL
  1401. 3f24.31ac: \SystemRoot\System32\KernelBase.dll:
  1402. 3f24.31ac: CreationTime: 2025-03-12T17:32:51.859758200Z
  1403. 3f24.31ac: LastWriteTime: 2025-03-12T17:32:52.063051800Z
  1404. 3f24.31ac: ChangeTime: 2025-03-13T22:20:04.207799700Z
  1405. 3f24.31ac: FileAttributes: 0x20
  1406. 3f24.31ac: Size: 0x3d7f18
  1407. 3f24.31ac: NT Headers: 0xf8
  1408. 3f24.31ac: Timestamp: 0xa29a3610
  1409. 3f24.31ac: Machine: 0x8664 - amd64
  1410. 3f24.31ac: Timestamp: 0xa29a3610
  1411. 3f24.31ac: Image Version: 10.0
  1412. 3f24.31ac: SizeOfImage: 0x3d1000 (4001792)
  1413. 3f24.31ac: Resource Dir: 0x3a0000 LB 0x548
  1414. 3f24.31ac: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1415. 3f24.31ac: [Raw version resource data: 0x3a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  1416. 3f24.31ac: ProductName: Microsoft® Windows® Operating System
  1417. 3f24.31ac: ProductVersion: 10.0.22621.5037
  1418. 3f24.31ac: FileVersion: 10.0.22621.5037 (WinBuild.160101.0800)
  1419. 3f24.31ac: FileDescription: Windows NT BASE API Client DLL
  1420. 3f24.31ac: \SystemRoot\System32\apisetschema.dll:
  1421. 3f24.31ac: CreationTime: 2024-08-18T12:47:44.848835500Z
  1422. 3f24.31ac: LastWriteTime: 2024-08-18T12:47:44.854356200Z
  1423. 3f24.31ac: ChangeTime: 2025-03-12T17:34:36.442764200Z
  1424. 3f24.31ac: FileAttributes: 0x20
  1425. 3f24.31ac: Size: 0x245e0
  1426. 3f24.31ac: NT Headers: 0xc8
  1427. 3f24.31ac: Timestamp: 0x8f476251
  1428. 3f24.31ac: Machine: 0x8664 - amd64
  1429. 3f24.31ac: Timestamp: 0x8f476251
  1430. 3f24.31ac: Image Version: 10.0
  1431. 3f24.31ac: SizeOfImage: 0x23000 (143360)
  1432. 3f24.31ac: Resource Dir: 0x22000 LB 0x408
  1433. 3f24.31ac: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1434. 3f24.31ac: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  1435. 3f24.31ac: ProductName: Microsoft® Windows® Operating System
  1436. 3f24.31ac: ProductVersion: 10.0.22621.3958
  1437. 3f24.31ac: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
  1438. 3f24.31ac: FileDescription: ApiSet Schema DLL
  1439. 3f24.31ac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  1440. 3f24.31ac: supR3HardenedWinFindAdversaries: 0x0
  1441. 3f24.31ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  1442. 3f24.31ac: Calling main()
  1443. 3f24.31ac: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  1444. 3f24.31ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
  1445. 3f24.31ac: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1446. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  1447. 3f24.31ac: SUPR3HardenedMain: Final process, opening VBoxDrv...
  1448. 3f24.31ac: supR3HardenedEarlyCompact: Removed heap 1 (0x0002440d890000 LB 0x800000)
  1449. 3f24.31ac: supR3HardNtEnableThreadCreationEx:
  1450. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  1451. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  1452. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1453. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1454. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc9e10000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  1455. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1456. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1457. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1458. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9e10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1459. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1460. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1461. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9e10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1462. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9e10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1463. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1464. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
  1465. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wintrust.dll)
  1466. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wintrust.dll
  1467. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1468. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1469. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
  1470. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  1471. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1472. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1473. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
  1474. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  1475. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1476. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd89e0000 LB 0x000a7000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
  1477. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1478. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd8bb0000 LB 0x00114000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
  1479. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1480. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd65c0000 LB 0x00072000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
  1481. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1482. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd68c0000 LB 0x00111000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
  1483. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll)
  1484. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll
  1485. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6450000 LB 0x00166000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
  1486. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\crypt32.dll)
  1487. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  1488. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1489. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1490. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  1491. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1492. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1493. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  1494. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1495. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1496. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  1497. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msasn1.dll)
  1498. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msasn1.dll
  1499. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5af0000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
  1500. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  1501. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd65c0000 'C:\Windows\system32\Wintrust.dll'
  1502. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
  1503. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
  1504. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1505. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6350000 LB 0x00028000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
  1506. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1507. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6350000 'C:\Windows\system32\bcrypt.dll'
  1508. 3f24.31ac: bcrypt.dll loaded at 00007ffbd6350000, BCryptOpenAlgorithmProvider at 00007ffbd6354520, preloading providers:
  1509. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
  1510. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
  1511. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1512. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6640000 LB 0x0007b000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
  1513. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1514. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6640000 'C:\Windows\system32\bcryptprimitives.dll'
  1515. 3f24.31ac: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000002440e1f0fe0)
  1516. 3f24.31ac: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000002440e1f1db0)
  1517. 3f24.31ac: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000002440e1f2100)
  1518. 3f24.31ac: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000002440e1f2450)
  1519. 3f24.31ac: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000002440e1f27a0)
  1520. 3f24.31ac: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000002440e1f2af0)
  1521. 3f24.31ac: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000002440e1f2eb0)
  1522. 3f24.31ac: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000002440e1f3200)
  1523. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptsp.dll)
  1524. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptsp.dll
  1525. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5700000 LB 0x0001b000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  1526. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  1527. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rsaenh.dll)
  1528. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  1529. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1530. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1531. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd4e30000 LB 0x00037000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
  1532. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1533. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1534. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptbase.dll)
  1535. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
  1536. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd56e0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  1537. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  1538. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  1539. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1540. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  1541. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1542. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1543. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd65c0000 'C:\Windows\System32\WINTRUST.DLL'
  1544. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1545. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1546. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\CRYPT32.dll'
  1547. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd8b10000 LB 0x0001f000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
  1548. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imagehlp.dll)
  1549. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imagehlp.dll
  1550. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1551. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1552. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1553. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1554. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1555. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1556. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6b90000 LB 0x000a7000 C:\Windows\System32\sechost.dll [fFlags=0x0]
  1557. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
  1558. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
  1559. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
  1560. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1561. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
  1562. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gpapi.dll)
  1563. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gpapi.dll
  1564. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5420000 LB 0x00026000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
  1565. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  1566. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1567. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
  1568. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cryptnet.dll)
  1569. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cryptnet.dll
  1570. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  1571. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume5\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  1572. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1573. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1574. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1575. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1576. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1577. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1578. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1579. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1580. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1581. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1582. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1583. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1584. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1585. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1586. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1587. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd09b0000 LB 0x00032000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
  1588. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1589. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1590. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1591. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1592. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1593. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1594. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1595. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1596. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1597. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1598. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1599. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1600. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1601. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1602. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1603. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1604. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1605. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1606. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1607. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1608. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1609. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1610. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1611. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1612. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1613. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1614. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1615. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1616. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1617. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  1618. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
  1619. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
  1620. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5d80000 LB 0x0002b000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
  1621. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  1622. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7a40000 LB 0x000b1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
  1623. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1624. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
  1625. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
  1626. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
  1627. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  1628. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1629. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1630. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1631. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1632. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  1633. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  1634. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  1635. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1636. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1637. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1638. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1639. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1640. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1641. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1642. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1643. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  1644. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: New context 000002440e2782e0
  1645. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  1646. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28BF5815E2C1F3D73DA234D7D82F1EA0BD0523D3
  1647. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1648. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1649. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8bb0000 'C:\Windows\System32\rpcrt4.dll'
  1650. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1651. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1652. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1653. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1654. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1655. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1656. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\SystemRoot\System32\ntdll.dll'
  1657. 3f24.31ac: g_pfnWinVerifyTrust=00007ffbd65d24c0
  1658. 3f24.31ac: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  1659. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1660. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1661. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1662. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1663. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1664. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1665. 3f24.31ac: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\crypt32.dll'
  1666. 3f24.31ac: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  1667. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1668. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1669. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1670. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  1671. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1672. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1673. 3f24.31ac: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\wintrust.dll'
  1674. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1675. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1676. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1677. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1678. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\advapi32.dll'
  1679. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1680. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1681. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1682. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\profapi.dll'
  1683. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1684. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1685. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1686. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptnet.dll'
  1687. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1688. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1689. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1690. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gpapi.dll'
  1691. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1692. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1693. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1694. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\sechost.dll'
  1695. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1696. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1697. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1698. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imagehlp.dll'
  1699. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1700. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1701. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1702. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptbase.dll'
  1703. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1704. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1705. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  1706. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1707. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1708. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rsaenh.dll'
  1709. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  1710. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1711. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1712. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1713. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\cryptsp.dll'
  1714. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1715. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1716. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll'
  1717. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1718. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1719. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll'
  1720. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1721. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1722. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msasn1.dll'
  1723. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1724. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1725. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll'
  1726. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1727. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1728. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll'
  1729. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1730. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1731. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll'
  1732. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1733. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1734. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  1735. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1736. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1737. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
  1738. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1739. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1740. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\KernelBase.dll'
  1741. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1742. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1743. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel32.dll'
  1744. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\system32\crypt32.dll'
  1745. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xf56e5244680e8400 CN=DYMO Root CA (for localhost), O=DYMO, OU=Dev, C=USA, L=Atlanta, ST=GA
  1746. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa70df29e51fc4095 C=LT, O=NordVPN S.A., CN=NordVPN S.A. -ThreatProtection
  1747. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1748. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1749. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1750. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
  1751. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1752. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1753. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x66dda7496ebabd00 CN=USB\VID_0BDA&PID_2838&MI_00 (libwdi autogenerated)
  1754. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1755. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
  1756. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1757. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1758. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
  1759. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
  1760. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
  1761. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa1e31e8b0211b600 C=US, O=Google Trust Services LLC, CN=GTS Root R1
  1762. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1763. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
  1764. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
  1765. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  1766. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
  1767. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
  1768. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1769. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1770. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x80d5e6f878f9bd00 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
  1771. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  1772. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
  1773. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x2404221294e78d00 C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46
  1774. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
  1775. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
  1776. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1777. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1778. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  1779. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1780. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1781. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
  1782. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
  1783. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1784. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
  1785. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1786. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
  1787. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
  1788. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x4dd6e14065368f00 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
  1789. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1790. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x298c3394be5bca00 C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017
  1791. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xa4031c19392e9f0e OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign
  1792. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1793. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
  1794. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5
  1795. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1796. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
  1797. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1798. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1799. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1800. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1801. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
  1802. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1803. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x665f55ebd06ce27b C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1
  1804. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
  1805. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
  1806. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  1807. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1808. 3f24.31ac: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1809. 3f24.31ac: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
  1810. 3f24.31ac: SUPR3HardenedMain: Load Runtime...
  1811. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1812. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1813. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  1814. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  1815. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  1816. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'mpr.dll'.
  1817. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
  1818. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
  1819. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
  1820. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1821. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1822. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1823. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1824. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1825. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  1826. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) WinVerifyTrust
  1827. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  1828. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1829. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1830. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  1831. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  1832. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  1833. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1834. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1835. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  1836. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1837. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1838. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mpr.dll) WinVerifyTrust
  1839. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mpr.dll
  1840. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  1841. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  1842. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1843. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  1844. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1845. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1846. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  1847. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  1848. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140.dll) WinVerifyTrust
  1849. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  1850. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  1851. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  1852. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  1853. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  1854. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1855. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  1856. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll)
  1857. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  1858. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1859. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1860. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll'.
  1861. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll)
  1862. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  1863. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1864. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1865. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
  1866. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1867. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1868. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  1869. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
  1870. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1871. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1872. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
  1873. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  1874. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1875. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1876. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
  1877. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1878. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  1879. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  1880. 3f24.31ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll'
  1881. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1882. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1883. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  1884. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
  1885. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  1886. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll
  1887. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb5c80000 LB 0x0001e000 C:\Windows\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
  1888. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  1889. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb7a10000 LB 0x0000c000 C:\Windows\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
  1890. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
  1891. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb5bf0000 LB 0x0008d000 C:\Windows\SYSTEM32\MSVCP140.dll [fFlags=0x0]
  1892. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  1893. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb97a0000 LB 0x0001e000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
  1894. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll
  1895. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd8a90000 LB 0x00071000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
  1896. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  1897. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb25590000 LB 0x006f5000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  1898. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1899. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1900. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1901. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1902. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1903. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  1904. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1905. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1906. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1907. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1908. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1909. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1910. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  1911. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1912. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1913. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1914. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1915. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1916. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1917. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  1918. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1919. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1920. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1921. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1922. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1923. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1924. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  1925. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1926. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1927. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1928. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1929. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  1930. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1931. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  1932. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1933. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1934. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1935. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1936. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
  1937. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1938. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-string-l1-1-0'
  1939. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1940. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1941. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1942. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1943. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
  1944. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1945. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-l1-2-1'
  1946. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1947. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1948. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1949. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1950. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
  1951. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1952. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-datetime-l1-1-1'
  1953. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1954. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1955. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1956. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1957. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
  1958. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1959. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-obsolete-l1-2-0'
  1960. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1961. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1962. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1963. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1964. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1965. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1966. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1967. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1968. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1969. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1970. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1971. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1972. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1973. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1974. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1975. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1976. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1977. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1978. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1979. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1980. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1981. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1982. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1983. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1984. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1985. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1986. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1987. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1988. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1989. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1990. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1991. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1992. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1993. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1994. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1995. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1996. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1997. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  1998. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1999. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  2000. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2001. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2002. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2003. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2004. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2005. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2006. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2007. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2008. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2009. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2010. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2011. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2012. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2013. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2014. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2015. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2016. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2017. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2018. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2019. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2020. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2021. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2022. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2023. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2024. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2025. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2026. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2027. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2028. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2029. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2030. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2031. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2032. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2033. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2034. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2035. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2036. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2037. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2038. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2039. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2040. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2041. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  2042. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2043. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2044. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2045. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2046. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2047. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2048. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2049. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2050. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2051. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2052. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2053. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2054. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2055. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2056. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2057. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2058. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2059. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2060. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2061. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2062. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2063. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2064. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2065. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2066. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2067. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2068. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2069. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2070. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2071. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2072. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2073. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2074. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2075. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2076. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2077. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2078. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2079. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2080. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2081. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2082. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2083. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2084. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2085. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2086. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2087. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2088. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2089. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2090. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2091. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2092. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2093. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2094. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2095. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2096. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2097. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2098. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2099. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2100. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2101. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2102. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2103. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2104. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2105. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2106. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2107. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2108. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2109. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2110. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2111. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2112. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2113. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2114. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2115. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2116. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2117. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2118. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2119. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2120. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2121. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2122. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2123. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxRT.dll
  2124. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2125. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2126. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2127. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2128. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2129. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2130. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2131. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2132. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2133. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2134. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2135. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2136. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'.
  2137. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2138. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb25590000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2139. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2140. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2141. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll'
  2142. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
  2143. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  2144. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd65c0000 'C:\Windows\system32\Wintrust.dll'
  2145. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2146. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2147. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2148. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2149. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\system32\crypt32.dll'
  2150. 3f24.31ac: SUPR3HardenedMain: Load TrustedMain...
  2151. 3f24.5d60: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
  2152. 3f24.5d60: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  2153. 3f24.5d60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
  2154. 3f24.5d60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll)
  2155. 3f24.5d60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll
  2156. 3f24.5d60: supR3HardenedDllNotificationCallback: load 00007ffbd4e70000 LB 0x00018000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
  2157. 3f24.5d60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
  2158. 3f24.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e70000 'api-ms-win-appmodel-runtime-l1-1-2'
  2159. 3f24.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2160. 3f24.5d60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2161. 3f24.5d60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  2162. 3f24.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2163. 3f24.5d60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2164. 3f24.5d60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll'
  2165. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2166. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2167. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
  2168. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2169. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2170. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
  2171. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
  2172. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6corevbox.dll'.
  2173. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt6guivbox.dll'.
  2174. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6widgetsvbox.dll'.
  2175. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  2176. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
  2177. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
  2178. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
  2179. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
  2180. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
  2181. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2182. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2183. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2184. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2185. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2186. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\winmm.dll) WinVerifyTrust
  2187. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winmm.dll
  2188. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2189. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2190. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2191. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2192. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2193. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
  2194. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
  2195. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) WinVerifyTrust
  2196. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  2197. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2198. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2199. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2200. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2201. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  2202. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2203. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2204. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  2205. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  2206. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
  2207. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
  2208. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2209. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2210. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  2211. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll)
  2212. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
  2213. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2214. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2215. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  2216. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2217. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2218. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2219. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
  2220. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
  2221. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
  2222. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) WinVerifyTrust
  2223. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2224. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2225. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2226. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  2227. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2228. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2229. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2230. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2231. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
  2232. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2233. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2234. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\user32.dll'.
  2235. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  2236. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  2237. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
  2238. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
  2239. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2240. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2241. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  2242. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
  2243. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
  2244. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
  2245. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2246. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2247. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
  2248. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2249. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2250. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2251. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll)
  2252. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll
  2253. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2254. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2255. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2256. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2257. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2258. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2259. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2260. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2261. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  2262. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  2263. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) WinVerifyTrust
  2264. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2265. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2266. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2267. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2268. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2269. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2270. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2271. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2272. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2273. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2274. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
  2275. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uxtheme.dll'.
  2276. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt6guivbox.dll'.
  2277. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6corevbox.dll'.
  2278. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2279. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  2280. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
  2281. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140_1.dll'.
  2282. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
  2283. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
  2284. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll) WinVerifyTrust
  2285. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2286. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2287. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2288. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2289. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2290. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2291. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2292. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2293. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  2294. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2295. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2296. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
  2297. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
  2298. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2299. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll)
  2300. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll
  2301. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2302. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2303. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2304. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2305. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2306. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2307. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2308. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2309. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2310. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2311. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2312. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll'.
  2313. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mpr.dll'.
  2314. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'userenv.dll'.
  2315. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2316. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'authz.dll'.
  2317. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'netapi32.dll'.
  2318. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
  2319. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
  2320. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  2321. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'version.dll'.
  2322. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
  2323. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
  2324. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msvcp140.dll'.
  2325. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msvcp140_1.dll'.
  2326. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'vcruntime140.dll'.
  2327. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'vcruntime140_1.dll'.
  2328. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll)
  2329. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2330. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2331. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2332. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll'.
  2333. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
  2334. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
  2335. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2336. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  2337. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  2338. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2339. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'dwrite.dll'.
  2340. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6corevbox.dll'.
  2341. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140.dll'.
  2342. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcp140_1.dll'.
  2343. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140_2.dll'.
  2344. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140.dll'.
  2345. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140_1.dll'.
  2346. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll)
  2347. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2348. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
  2349. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
  2350. 3f24.31ac: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
  2351. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  2352. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
  2353. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\uxtheme.dll)
  2354. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
  2355. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  2356. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  2357. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
  2358. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'win32u.dll'.
  2359. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
  2360. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
  2361. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dwmapi.dll)
  2362. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
  2363. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2364. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2365. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2366. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2367. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2368. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2369. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2370. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2371. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2372. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2373. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2374. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2375. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2376. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2377. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2378. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2379. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2380. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2381. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2382. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2383. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  2384. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_2.dll'...
  2385. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_2.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rcNtRedir=0xc0150008]
  2386. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'.
  2387. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
  2388. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2389. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
  2390. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll)
  2391. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll
  2392. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2393. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2394. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2395. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2396. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2397. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2398. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2399. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2400. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [lacks WinVerifyTrust]
  2401. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwrite.dll'...
  2402. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwrite.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwrite.dll' [rcNtRedir=0xc0150008]
  2403. 3f24.31ac: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'.
  2404. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2405. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  2406. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\DWrite.dll)
  2407. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DWrite.dll
  2408. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2409. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2410. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2411. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2412. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2413. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
  2414. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2415. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
  2416. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
  2417. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
  2418. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
  2419. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2420. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2421. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2422. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2423. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2424. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2425. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2426. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2427. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
  2428. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2429. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'win32u.dll'.
  2430. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dxgi.dll)
  2431. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dxgi.dll
  2432. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
  2433. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
  2434. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
  2435. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2436. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'dxgi.dll'.
  2437. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'win32u.dll'.
  2438. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d11.dll)
  2439. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d11.dll
  2440. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2441. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2442. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2443. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2444. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2445. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  2446. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2447. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2448. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2449. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2450. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2451. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2452. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2453. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2454. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  2455. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2456. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2457. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
  2458. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  2459. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  2460. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
  2461. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2462. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\version.dll)
  2463. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\version.dll
  2464. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2465. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2466. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2467. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2468. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2469. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
  2470. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2471. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2472. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2473. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
  2474. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
  2475. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
  2476. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2477. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netapi32.dll)
  2478. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netapi32.dll
  2479. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'authz.dll'...
  2480. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'authz.dll' -> '\Device\HarddiskVolume5\Windows\System32\authz.dll' [rcNtRedir=0xc0150008]
  2481. 3f24.31ac: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume5\Windows\System32\authz.dll'.
  2482. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\authz.dll)
  2483. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\authz.dll
  2484. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2485. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2486. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  2487. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
  2488. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
  2489. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
  2490. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
  2491. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\userenv.dll)
  2492. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\userenv.dll
  2493. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  2494. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume5\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  2495. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mpr.dll
  2496. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2497. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2498. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2499. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2500. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2501. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2502. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2503. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2504. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2505. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  2506. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2507. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2508. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  2509. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2510. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2511. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2512. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2513. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2514. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
  2515. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2516. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2517. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
  2518. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2519. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2520. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2521. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2522. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2523. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
  2524. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2525. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2526. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2527. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2528. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2529. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2530. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2531. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2532. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
  2533. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2534. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2535. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2536. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2537. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  2538. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2539. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2540. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2541. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2542. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2543. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2544. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2545. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2546. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2547. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2548. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
  2549. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
  2550. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2551. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  2552. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  2553. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2554. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'dwrite.dll'.
  2555. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6corevbox.dll'.
  2556. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140.dll'.
  2557. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcp140_1.dll'.
  2558. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140_2.dll'.
  2559. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140.dll'.
  2560. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140_1.dll'.
  2561. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll) WinVerifyTrust
  2562. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2563. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2564. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [redoing WinVerifyTrust]
  2565. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2566. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2567. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2568. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2569. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2570. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_2.dll'...
  2571. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_2.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rcNtRedir=0xc0150008]
  2572. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll [lacks WinVerifyTrust]
  2573. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2574. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2575. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2576. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2577. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2578. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  2579. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2580. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2581. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [lacks WinVerifyTrust]
  2582. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwrite.dll'...
  2583. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwrite.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwrite.dll' [rcNtRedir=0xc0150008]
  2584. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll [lacks WinVerifyTrust]
  2585. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2586. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2587. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2588. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2589. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2590. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
  2591. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2592. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2593. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2594. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2595. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2596. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2597. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2598. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2599. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
  2600. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
  2601. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
  2602. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
  2603. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2604. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2605. 3f24.31ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll'
  2606. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2607. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2608. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2609. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2610. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  2611. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2612. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2613. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2614. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2615. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
  2616. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
  2617. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2618. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2619. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  2620. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2621. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
  2622. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp140.dll'.
  2623. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt6corevbox.dll'.
  2624. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6guivbox.dll'.
  2625. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt6widgetsvbox.dll'.
  2626. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6helpvbox.dll'.
  2627. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt6statemachinevbox.dll'.
  2628. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'user32.dll'.
  2629. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
  2630. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ole32.dll'.
  2631. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
  2632. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
  2633. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
  2634. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
  2635. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2636. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2637. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2638. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2639. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  2640. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2641. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2642. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2643. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2644. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2645. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  2646. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2647. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2648. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [redoing WinVerifyTrust]
  2649. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2650. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2651. 3f24.31ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\user32.dll'
  2652. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6statemachinevbox.dll'...
  2653. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6statemachinevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6statemachinevbox.dll' [rcNtRedir=0xc0150008]
  2654. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2655. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2656. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6guivbox.dll'.
  2657. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt6corevbox.dll'.
  2658. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2659. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll) WinVerifyTrust
  2660. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2661. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6helpvbox.dll'...
  2662. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6helpvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6helpvbox.dll' [rcNtRedir=0xc0150008]
  2663. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2664. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2665. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2666. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2667. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2668. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2669. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2670. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [lacks WinVerifyTrust]
  2671. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2672. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2673. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6sqlvbox.dll'.
  2674. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt6widgetsvbox.dll'.
  2675. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt6guivbox.dll'.
  2676. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6corevbox.dll'.
  2677. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
  2678. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
  2679. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'vcruntime140_1.dll'.
  2680. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll) WinVerifyTrust
  2681. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2682. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2683. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2684. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2685. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2686. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2687. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [redoing WinVerifyTrust]
  2688. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2689. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2690. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2691. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2692. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2693. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2694. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2695. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2696. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2697. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2698. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2699. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [lacks WinVerifyTrust]
  2700. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2701. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2702. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2703. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6sqlvbox.dll'...
  2704. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6sqlvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6sqlvbox.dll' [rcNtRedir=0xc0150008]
  2705. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2706. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6corevbox.dll'.
  2707. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp140.dll'.
  2708. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2709. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
  2710. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll)
  2711. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll
  2712. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2713. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2714. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2715. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2716. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2717. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2718. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2719. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2720. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2721. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  2722. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  2723. 3f24.31ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll'
  2724. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2725. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2726. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2727. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2728. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2729. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2730. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2731. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2732. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2733. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140.dll
  2734. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2735. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2736. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  2737. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2738. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
  2739. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2740. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2741. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2742. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
  2743. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2744. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2745. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
  2746. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\authz.dll [avoiding WinVerifyTrust]
  2747. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
  2748. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2749. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
  2750. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
  2751. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
  2752. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll [avoiding WinVerifyTrust]
  2753. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll [avoiding WinVerifyTrust]
  2754. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
  2755. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
  2756. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [avoiding WinVerifyTrust]
  2757. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\netutils.dll)
  2758. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\netutils.dll
  2759. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  2760. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\srvcli.dll)
  2761. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\srvcli.dll
  2762. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5450000 LB 0x00028000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0]
  2763. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
  2764. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd4a50000 LB 0x00050000 C:\Windows\SYSTEM32\AUTHZ.dll [fFlags=0x0]
  2765. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\authz.dll [avoiding WinVerifyTrust]
  2766. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc7330000 LB 0x00019000 C:\Windows\SYSTEM32\NETAPI32.dll [fFlags=0x0]
  2767. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
  2768. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd63b0000 LB 0x0009a000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
  2769. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
  2770. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6380000 LB 0x00026000 C:\Windows\System32\win32u.dll [fFlags=0x0]
  2771. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
  2772. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd71d0000 LB 0x001b1000 C:\Windows\System32\USER32.dll [fFlags=0x0]
  2773. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6230000 LB 0x0011b000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
  2774. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2775. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  2776. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
  2777. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'win32u.dll'.
  2778. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32full.dll)
  2779. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32full.dll
  2780. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6e00000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
  2781. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
  2782. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6e30000 LB 0x00390000 C:\Windows\System32\combase.dll [fFlags=0x0]
  2783. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [avoiding WinVerifyTrust]
  2784. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd76c0000 LB 0x001a1000 C:\Windows\System32\ole32.dll [fFlags=0x0]
  2785. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  2786. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd66c0000 LB 0x0013f000 C:\Windows\System32\wintypes.dll [fFlags=0x0]
  2787. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
  2788. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinTypes.dll)
  2789. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinTypes.dll
  2790. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd8150000 LB 0x00888000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
  2791. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
  2792. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd0a20000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
  2793. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2794. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcf410000 LB 0x00034000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
  2795. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
  2796. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb1540000 LB 0x00009000 C:\Windows\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
  2797. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
  2798. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd48c0000 LB 0x0000c000 C:\Windows\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
  2799. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
  2800. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc7bf0000 LB 0x00028000 C:\Windows\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
  2801. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
  2802. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb89520000 LB 0x00588000 C:\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [fFlags=0x0]
  2803. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd35d0000 LB 0x000f7000 C:\Windows\SYSTEM32\dxgi.dll [fFlags=0x0]
  2804. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
  2805. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd1b10000 LB 0x00257000 C:\Windows\SYSTEM32\d3d11.dll [fFlags=0x0]
  2806. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
  2807. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd1220000 LB 0x00273000 C:\Windows\SYSTEM32\DWrite.dll [fFlags=0x0]
  2808. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\DWrite.dll [avoiding WinVerifyTrust]
  2809. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb43290000 LB 0x00041000 C:\Windows\SYSTEM32\MSVCP140_2.dll [fFlags=0x0]
  2810. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll [avoiding WinVerifyTrust]
  2811. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb88da0000 LB 0x00773000 C:\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [fFlags=0x0]
  2812. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2813. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd37e0000 LB 0x0002b000 C:\Windows\SYSTEM32\dwmapi.dll [fFlags=0x0]
  2814. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
  2815. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd3470000 LB 0x000b3000 C:\Windows\SYSTEM32\UxTheme.dll [fFlags=0x0]
  2816. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
  2817. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb24fc0000 LB 0x005c1000 C:\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll [fFlags=0x0]
  2818. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2819. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc9ee0000 LB 0x00047000 C:\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [fFlags=0x0]
  2820. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [avoiding WinVerifyTrust]
  2821. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc9c40000 LB 0x0008b000 C:\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll [fFlags=0x0]
  2822. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2823. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd2720000 LB 0x0004f000 C:\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll [fFlags=0x0]
  2824. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2825. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd75e0000 LB 0x000d7000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
  2826. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  2827. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffaed540000 LB 0x01b4a000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
  2828. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\UICommon.dll
  2829. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb2ffc0000 LB 0x00154000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
  2830. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2831. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
  2832. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
  2833. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
  2834. 3f24.31ac: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000005b0 (hFile=0000000000000580) with 0xc0000022 -> STATUS_TRUST_FAILURE
  2835. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
  2836. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
  2837. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'.
  2838. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll' [rescheduled]
  2839. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
  2840. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
  2841. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
  2842. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
  2843. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
  2844. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
  2845. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2846. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2847. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
  2848. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
  2849. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\authz.dll'.
  2850. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\authz.dll' [rescheduled]
  2851. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
  2852. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
  2853. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
  2854. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
  2855. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
  2856. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
  2857. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
  2858. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
  2859. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
  2860. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
  2861. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'.
  2862. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DWrite.dll' [rescheduled]
  2863. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'.
  2864. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rescheduled]
  2865. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
  2866. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
  2867. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
  2868. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
  2869. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
  2870. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
  2871. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2872. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
  2873. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  2874. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
  2875. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  2876. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
  2877. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  2878. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
  2879. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [redoing WinVerifyTrust]
  2880. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
  2881. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\imm32.dll
  2882. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2883. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2884. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust]
  2885. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2886. 3f24.31ac: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll
  2887. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2888. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2889. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [redoing WinVerifyTrust]
  2890. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  2891. 3f24.31ac: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\combase.dll
  2892. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2893. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2894. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [redoing WinVerifyTrust]
  2895. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2896. 3f24.31ac: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\win32u.dll
  2897. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2898. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2899. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2900. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2901. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
  2902. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  2903. 3f24.31ac: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll
  2904. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2905. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2906. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
  2907. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  2908. 3f24.31ac: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
  2909. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2910. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2911. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2912. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7940000 LB 0x00031000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
  2913. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
  2914. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7940000 'C:\Windows\system32\IMM32.DLL'
  2915. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
  2916. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
  2917. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'.
  2918. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll' [rescheduled]
  2919. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
  2920. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
  2921. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
  2922. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
  2923. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
  2924. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
  2925. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2926. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2927. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
  2928. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
  2929. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\authz.dll'.
  2930. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\authz.dll' [rescheduled]
  2931. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
  2932. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
  2933. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
  2934. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
  2935. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
  2936. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
  2937. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
  2938. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
  2939. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
  2940. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
  2941. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'.
  2942. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DWrite.dll' [rescheduled]
  2943. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'.
  2944. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rescheduled]
  2945. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
  2946. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
  2947. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
  2948. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
  2949. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
  2950. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
  2951. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2952. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
  2953. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  2954. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
  2955. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  2956. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
  2957. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  2958. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
  2959. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
  2960. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
  2961. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'.
  2962. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll' [rescheduled]
  2963. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
  2964. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
  2965. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
  2966. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
  2967. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
  2968. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
  2969. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2970. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2971. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
  2972. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
  2973. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\authz.dll'.
  2974. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\authz.dll' [rescheduled]
  2975. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
  2976. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
  2977. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
  2978. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
  2979. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
  2980. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
  2981. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
  2982. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
  2983. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
  2984. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
  2985. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'.
  2986. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DWrite.dll' [rescheduled]
  2987. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'.
  2988. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rescheduled]
  2989. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
  2990. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
  2991. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
  2992. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
  2993. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
  2994. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
  2995. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  2996. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
  2997. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  2998. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
  2999. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  3000. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
  3001. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  3002. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
  3003. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
  3004. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  3005. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume5\Windows\System32\gdi32.dll
  3006. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6e00000 'C:\Windows\System32\gdi32.dll'
  3007. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\imm32.dll'.
  3008. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rescheduled]
  3009. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'.
  3010. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll' [rescheduled]
  3011. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'.
  3012. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll' [rescheduled]
  3013. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'.
  3014. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll' [rescheduled]
  3015. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netutils.dll'.
  3016. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll' [rescheduled]
  3017. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  3018. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  3019. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\userenv.dll'.
  3020. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll' [rescheduled]
  3021. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\authz.dll'.
  3022. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\authz.dll' [rescheduled]
  3023. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'.
  3024. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll' [rescheduled]
  3025. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\version.dll'.
  3026. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\version.dll' [rescheduled]
  3027. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'.
  3028. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll' [rescheduled]
  3029. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'.
  3030. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll' [rescheduled]
  3031. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\shell32.dll'.
  3032. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rescheduled]
  3033. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'.
  3034. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DWrite.dll' [rescheduled]
  3035. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'.
  3036. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll' [rescheduled]
  3037. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'.
  3038. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rescheduled]
  3039. 3f24.31ac: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'.
  3040. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rescheduled]
  3041. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'.
  3042. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll' [rescheduled]
  3043. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\win32u.dll'.
  3044. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rescheduled]
  3045. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'.
  3046. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rescheduled]
  3047. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'.
  3048. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rescheduled]
  3049. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\combase.dll'.
  3050. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rescheduled]
  3051. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb2ffc0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
  3052. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3053. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3054. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\imm32.dll'
  3055. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3056. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3057. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WinTypes.dll'
  3058. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3059. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3060. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32full.dll'
  3061. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3062. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3063. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\srvcli.dll'
  3064. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3065. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3066. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netutils.dll'
  3067. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3068. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3069. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'
  3070. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3071. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3072. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\userenv.dll'
  3073. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume5\Windows\System32\authz.dll
  3074. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3075. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3076. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35A08DD1CF3C7ACA286DE00029F21D5B286CF85E
  3077. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3078. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3079. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\authz.dll'
  3080. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3081. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\authz.dll'
  3082. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3083. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3084. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\netapi32.dll'
  3085. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3086. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3087. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\version.dll'
  3088. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3089. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3090. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\d3d11.dll'
  3091. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3092. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  3093. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3094. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3095. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dxgi.dll'
  3096. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3097. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3098. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shell32.dll'
  3099. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume5\Windows\System32\DWrite.dll
  3100. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3101. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3102. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3A14F493351233539FC8E1DDF869B897830701F4
  3103. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3104. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3105. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\DWrite.dll'
  3106. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3107. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\DWrite.dll'
  3108. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  3109. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3110. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3111. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3112. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_2.dll'
  3113. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3114. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3115. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll'
  3116. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume5\Windows\System32\uxtheme.dll
  3117. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3118. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3119. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39A793A611F3CBD0CA1BB792D98180D7E9E0E443
  3120. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3121. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3122. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
  3123. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3124. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll'
  3125. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3126. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3127. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp140_1.dll'
  3128. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3129. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3130. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\win32u.dll'
  3131. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3132. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3133. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\gdi32.dll'
  3134. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3135. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3136. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll'
  3137. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3138. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3139. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\combase.dll'
  3140. 3f24.31ac: SUPR3HardenedMain: Calling TrustedMain (00007ffb2ffc19a0)...
  3141. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
  3142. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
  3143. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll)
  3144. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll
  3145. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd3d60000 LB 0x0090d000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
  3146. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
  3147. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7fd0000 LB 0x0010a000 C:\Windows\System32\SHCORE.dll [fFlags=0x0]
  3148. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  3149. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll)
  3150. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll
  3151. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7580000 LB 0x0005e000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
  3152. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  3153. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
  3154. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  3155. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3156. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3157. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3158. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3159. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
  3160. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3161. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3162. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
  3163. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3164. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3165. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
  3166. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3167. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3168. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll'
  3169. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3170. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3171. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\SHCore.dll'
  3172. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3173. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3174. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\windows.storage.dll'
  3175. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3176. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3177. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
  3178. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dwmapi.dll'.
  3179. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3180. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
  3181. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  3182. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  3183. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'.
  3184. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
  3185. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
  3186. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  3187. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
  3188. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wtsapi32.dll'.
  3189. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'comdlg32.dll'.
  3190. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'd3d9.dll'.
  3191. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'qt6guivbox.dll'.
  3192. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'qt6corevbox.dll'.
  3193. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'msvcp140.dll'.
  3194. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'vcruntime140.dll'.
  3195. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'vcruntime140_1.dll'.
  3196. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll) WinVerifyTrust
  3197. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3198. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3199. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3200. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3201. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3202. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  3203. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  3204. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  3205. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  3206. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  3207. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  3208. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  3209. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d9.dll'...
  3210. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d9.dll' -> '\Device\HarddiskVolume5\Windows\System32\d3d9.dll' [rcNtRedir=0xc0150008]
  3211. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3212. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3213. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3214. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  3215. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'win32u.dll'.
  3216. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
  3217. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dwmapi.dll'.
  3218. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\d3d9.dll) WinVerifyTrust
  3219. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\d3d9.dll
  3220. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  3221. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  3222. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000770 pwszName=\Device\HarddiskVolume5\Windows\System32\comdlg32.dll
  3223. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3224. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3225. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A8CA960FAC4C7D072818494CB78FA226758A25C
  3226. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  3227. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  3228. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
  3229. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3230. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3231. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  3232. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  3233. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3234. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3235. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3236. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3237. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3238. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3239. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05114~31bf3856ad364e35~amd64~~10.0.22621.5037.cat'; file='\Device\HarddiskVolume5\Windows\System32\comdlg32.dll'
  3240. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3241. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  3242. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  3243. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
  3244. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #61 'shlwapi.dll'.
  3245. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #62 'gdi32.dll'.
  3246. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #63 'comctl32.dll'.
  3247. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'shell32.dll'.
  3248. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comdlg32.dll) WinVerifyTrust
  3249. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
  3250. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
  3251. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
  3252. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3253. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3254. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  3255. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  3256. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  3257. 3f24.31ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
  3258. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  3259. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3260. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3261. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\comctl32.dll)
  3262. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\comctl32.dll
  3263. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3264. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3265. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3266. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3267. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  3268. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3269. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3270. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3271. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3272. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3273. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3274. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3275. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3276. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3277. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3278. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3279. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3280. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  3281. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3282. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3283. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3284. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wtsapi32.dll) WinVerifyTrust
  3285. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
  3286. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3287. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3288. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
  3289. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3290. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3291. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3292. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3293. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  3294. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3295. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3296. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  3297. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3298. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3299. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3300. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3301. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3302. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3303. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3304. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\setupapi.dll) WinVerifyTrust
  3305. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\setupapi.dll
  3306. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3307. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3308. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3309. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3310. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3311. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  3312. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  3313. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  3314. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
  3315. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3316. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3317. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  3318. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  3319. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dwmapi.dll
  3320. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3321. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3322. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  3323. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3324. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3325. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3326. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3327. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
  3328. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  3329. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3330. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3331. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll)
  3332. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll
  3333. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll
  3334. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  3335. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
  3336. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DXCore.dll)
  3337. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DXCore.dll
  3338. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7b50000 LB 0x00474000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
  3339. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
  3340. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd4c90000 LB 0x00014000 C:\Windows\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
  3341. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wtsapi32.dll
  3342. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc02e0000 LB 0x000b3000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\COMCTL32.dll [fFlags=0x0]
  3343. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll [avoiding WinVerifyTrust]
  3344. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd6a10000 LB 0x00102000 C:\Windows\System32\COMDLG32.dll [fFlags=0x0]
  3345. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\comdlg32.dll
  3346. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd3590000 LB 0x00037000 C:\Windows\SYSTEM32\dxcore.dll [fFlags=0x0]
  3347. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DXCore.dll [avoiding WinVerifyTrust]
  3348. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbb6cc0000 LB 0x001a8000 C:\Windows\SYSTEM32\d3d9.dll [fFlags=0x0]
  3349. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\d3d9.dll
  3350. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb88cd0000 LB 0x000cd000 C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll [fFlags=0x0]
  3351. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3352. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
  3353. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
  3354. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll'.
  3355. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll' [rescheduled]
  3356. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
  3357. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rescheduled]
  3358. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
  3359. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  3360. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  3361. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3362. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3363. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3364. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3365. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3366. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3367. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll
  3368. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3369. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3370. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  3371. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3372. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7940000 'C:\Windows\System32\imm32.dll'
  3373. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'.
  3374. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll' [rescheduled]
  3375. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll'.
  3376. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll' [rescheduled]
  3377. 3f24.31ac: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'.
  3378. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll' [rescheduled]
  3379. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88cd0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll'
  3380. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3381. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3382. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\DXCore.dll'
  3383. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3384. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3385. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22621.3527_none_b43b7f4b638cc64f\comctl32.dll'
  3386. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3387. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3388. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\comctl32.dll'
  3389. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  3390. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'.
  3391. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
  3392. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #52 'msvcp_win.dll'.
  3393. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\rpcss.dll)
  3394. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcss.dll
  3395. 3f24.31ac: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000006b4 (hFile=00000000000006bc) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3396. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c0 pwszName=\Device\HarddiskVolume5\Windows\System32\rpcss.dll
  3397. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3398. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3399. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE801CC70F2DB8C5D1D7E0C1FC570B58BEF5FA59
  3400. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3401. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3402. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3403. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3404. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
  3405. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  3406. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  3407. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
  3408. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3409. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3410. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3411. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3412. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\rpcss.dll'
  3413. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3414. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\rpcss.dll'
  3415. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
  3416. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3417. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd3470000 'C:\Windows\system32\uxtheme.dll'
  3418. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  3419. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll)
  3420. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll
  3421. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5100000 LB 0x0004d000 C:\Windows\SYSTEM32\powrprof.dll [fFlags=0x0]
  3422. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
  3423. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\umpdc.dll)
  3424. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\umpdc.dll
  3425. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd4ff0000 LB 0x00013000 C:\Windows\SYSTEM32\UMPDC.dll [fFlags=0x0]
  3426. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
  3427. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7390000 LB 0x0015d000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
  3428. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3429. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msctf.dll)
  3430. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msctf.dll
  3431. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3432. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3433. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3434. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3435. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3436. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3437. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\msctf.dll'
  3438. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3439. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3440. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\umpdc.dll'
  3441. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3442. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3443. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\powrprof.dll'
  3444. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll
  3445. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3446. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd71d0000 'C:\Windows\System32\USER32.dll'
  3447. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3448. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3449. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'.
  3450. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\devobj.dll) WinVerifyTrust
  3451. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\devobj.dll
  3452. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  3453. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  3454. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3455. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3456. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll) WinVerifyTrust
  3457. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
  3458. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DEVOBJ.dll (Input=DEVOBJ.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3459. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
  3460. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
  3461. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5b40000 LB 0x0004e000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
  3462. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
  3463. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5b10000 LB 0x0002c000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
  3464. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
  3465. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5b10000 'C:\Windows\System32\DEVOBJ.dll'
  3466. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3467. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3468. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  3469. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  3470. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
  3471. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6widgetsvbox.dll'.
  3472. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt6guivbox.dll'.
  3473. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6corevbox.dll'.
  3474. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
  3475. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'.
  3476. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll) WinVerifyTrust
  3477. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3478. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3479. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3480. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3481. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3482. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  3483. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  3484. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  3485. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  3486. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  3487. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  3488. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  3489. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  3490. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
  3491. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume5\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
  3492. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
  3493. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3494. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3495. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3496. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3497. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3498. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3499. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc9c10000 LB 0x00025000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll [fFlags=0x0]
  3500. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3501. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9c10000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll'
  3502. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\uxtheme.dll
  3503. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3504. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd3470000 'C:\Windows\System32\uxtheme.dll'
  3505. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3506. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3507. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3508. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  3509. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
  3510. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll) WinVerifyTrust
  3511. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll
  3512. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3513. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3514. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3515. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3516. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3517. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3518. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
  3519. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll
  3520. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc19f0000 LB 0x00292000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll [fFlags=0x0]
  3521. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll
  3522. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc19f0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll'
  3523. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll
  3524. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
  3525. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc19f0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.4830_none_270fe7d773858e80\comctl32.dll'
  3526. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll)
  3527. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll
  3528. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd3240000 LB 0x001b0000 C:\Windows\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
  3529. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
  3530. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd7980000 LB 0x000b0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
  3531. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3532. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
  3533. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\clbcatq.dll)
  3534. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\clbcatq.dll
  3535. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3536. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3537. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
  3538. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3539. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3540. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3541. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3542. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\clbcatq.dll'
  3543. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3544. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3545. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\WindowsCodecs.dll'
  3546. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3547. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3548. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'msvcp_win.dll'.
  3549. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\thumbcache.dll) WinVerifyTrust
  3550. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
  3551. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3552. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3553. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3554. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
  3555. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb9d270000 LB 0x0006a000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
  3556. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\thumbcache.dll
  3557. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb9d270000 'C:\Windows\System32\thumbcache.dll'
  3558. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcss.dll
  3559. 3f24.31ac: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000880 (hFile=0000000000000874) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3560. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3561. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3562. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3563. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  3564. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  3565. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  3566. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
  3567. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
  3568. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
  3569. 3f24.10b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
  3570. 3f24.10b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
  3571. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3572. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3573. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3574. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3575. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3576. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  3577. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3578. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3579. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  3580. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3581. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3582. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  3583. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  3584. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3585. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3586. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3587. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3588. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3589. 3f24.10b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
  3590. 3f24.10b4: supR3HardenedDllNotificationCallback: load 00007ffb721e0000 LB 0x003f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
  3591. 3f24.10b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
  3592. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb721e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
  3593. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3594. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3595. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3596. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3597. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
  3598. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
  3599. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
  3600. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
  3601. 3f24.10b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  3602. 3f24.10b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
  3603. 3f24.10b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3604. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3605. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3606. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3607. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3608. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3609. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3610. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3611. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll
  3612. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3613. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3614. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  3615. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3616. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3617. 3f24.10b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll
  3618. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3619. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3620. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3621. 3f24.10b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3622. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3623. 3f24.10b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3624. 3f24.10b4: supR3HardenedDllNotificationCallback: load 00007ffb88be0000 LB 0x000e9000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
  3625. 3f24.10b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3626. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb88be0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
  3627. 3f24.10b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3628. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3629. 3f24.10b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd75e0000 'C:\Windows\System32\oleaut32.dll'
  3630. 3f24.31ac: '\Device\HarddiskVolume5\Windows\System32\tzres.dll' has no imports
  3631. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\tzres.dll)
  3632. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\tzres.dll
  3633. 3f24.31ac: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000009ec (hFile=00000000000009bc) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3634. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
  3635. 3f24.31ac: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000009bc (hFile=00000000000009ec) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3636. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume5\Windows\System32\tzres.dll
  3637. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3638. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3639. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C937369FF20DE75362318875CB965C74D59448F3
  3640. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3641. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3642. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\tzres.dll'
  3643. 3f24.4918: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3644. 3f24.4918: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\tzres.dll'
  3645. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3646. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3647. 3f24.4918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3648. 3f24.4918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  3649. 3f24.4918: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  3650. 3f24.4918: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
  3651. 3f24.4918: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3652. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3653. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3654. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3655. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3656. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3657. 3f24.4918: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3658. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3659. 3f24.4918: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3660. 3f24.4918: supR3HardenedDllNotificationCallback: load 00007ffb231c0000 LB 0x0058f000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
  3661. 3f24.4918: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3662. 3f24.4918: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb231c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
  3663. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x674f5e4f; retrying against current time: 0x67f2b435.
  3664. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x67f2b435/now.
  3665. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3666. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3667. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'version.dll'.
  3668. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
  3669. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll) WinVerifyTrust
  3670. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll
  3671. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3672. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3673. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  3674. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  3675. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
  3676. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3677. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll
  3678. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcb010000 LB 0x000c4000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll [fFlags=0x0]
  3679. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll
  3680. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3681. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3682. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3683. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  3684. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3685. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  3686. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3687. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3688. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3689. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  3690. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3691. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  3692. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb010000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll'
  3693. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msasn1.dll
  3694. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msasn1.dll (Input=msasn1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3695. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5af0000 'C:\Windows\System32\msasn1.dll'
  3696. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd09b0000 'C:\Windows\System32\cryptnet.dll'
  3697. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\cryptbase.dll
  3698. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3699. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd56e0000 'C:\Windows\System32\cryptbase.dll'
  3700. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3701. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3702. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  3703. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'oleaut32.dll'.
  3704. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wldp.dll) WinVerifyTrust
  3705. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wldp.dll
  3706. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3707. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3708. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3709. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3710. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3711. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wldp.dll (Input=wldp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3712. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wldp.dll
  3713. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd5630000 LB 0x0004a000 C:\Windows\System32\wldp.dll [fFlags=0x0]
  3714. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wldp.dll
  3715. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5630000 'C:\Windows\System32\wldp.dll'
  3716. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3717. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3718. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3719. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\drvstore.dll) WinVerifyTrust
  3720. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\drvstore.dll
  3721. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3722. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3723. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
  3724. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\drvstore.dll (Input=drvstore.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3725. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drvstore.dll
  3726. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd04b0000 LB 0x00162000 C:\Windows\System32\drvstore.dll [fFlags=0x0]
  3727. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\drvstore.dll
  3728. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd04b0000 'C:\Windows\System32\drvstore.dll'
  3729. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
  3730. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\devobj.dll (Input=devobj.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3731. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5b10000 'C:\Windows\System32\devobj.dll'
  3732. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3733. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wintrust.dll
  3734. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wintrust.dll (Input=wintrust.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3735. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd65c0000 'C:\Windows\System32\wintrust.dll'
  3736. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x674f5f1d; retrying against current time: 0x67f2b436.
  3737. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x67f2b436/now.
  3738. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3739. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3740. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
  3741. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
  3742. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3743. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll) WinVerifyTrust
  3744. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll
  3745. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3746. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3747. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3748. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3749. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  3750. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3751. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3752. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3753. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll
  3754. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc2bf0000 LB 0x02d10000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll [fFlags=0x0]
  3755. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll
  3756. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3757. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3758. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3759. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  3760. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3761. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  3762. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3763. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3764. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3765. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  3766. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3767. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  3768. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
  3769. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3770. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-string-l1-1-0'
  3771. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
  3772. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3773. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-l1-2-1'
  3774. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
  3775. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3776. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-datetime-l1-1-1'
  3777. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
  3778. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3779. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-obsolete-l1-2-0'
  3780. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc2bf0000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll'
  3781. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x674f5d85; retrying against current time: 0x67f2b436.
  3782. 3f24.31ac: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll: Signature #2/3: VERR_CR_X509_CPV_NOT_VALID_AT_TIME (-23033) w/ timestamp=0x67f2b436/now.
  3783. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3784. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3785. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
  3786. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  3787. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3788. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  3789. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
  3790. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll) WinVerifyTrust
  3791. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll
  3792. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3793. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume5\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3794. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\winmm.dll
  3795. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3796. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3797. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3798. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3799. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3800. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3801. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  3802. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume5\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  3803. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
  3804. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3805. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll
  3806. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffb6fd70000 LB 0x01d8c000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll [fFlags=0x0]
  3807. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll
  3808. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3809. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3810. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3811. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  3812. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3813. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  3814. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  3815. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3816. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  3817. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  3818. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3819. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  3820. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb6fd70000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll'
  3821. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcp_win.dll'.
  3822. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll)
  3823. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll
  3824. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcf3a0000 LB 0x00049000 C:\Windows\SYSTEM32\directxdatabasehelper.dll [fFlags=0x0]
  3825. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll [avoiding WinVerifyTrust]
  3826. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3827. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3828. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3829. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3830. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\directxdatabasehelper.dll'
  3831. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-core-resourcepolicy-l1-1-0.dll) -> 0x0, fPresent=1
  3832. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-core-resourcepolicy-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3833. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3834. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
  3835. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll)
  3836. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll
  3837. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd3950000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
  3838. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
  3839. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd3950000 'ext-ms-win-core-resourcepolicy-l1-1-0.dll'
  3840. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3841. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3842. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3843. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3844. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3845. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3846. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\ResourcePolicyClient.dll'
  3847. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbd3950000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [flags=0x0]
  3848. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll
  3849. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3850. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcb010000 'C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll'
  3851. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6e00000 'C:\Windows\System32\gdi32.dll'
  3852. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffb6fd70000 LB 0x01d8c000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvd3dumx.dll [flags=0x0]
  3853. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbc2bf0000 LB 0x02d10000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvgpucomp64.dll [flags=0x0]
  3854. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbd04b0000 LB 0x00162000 C:\Windows\System32\drvstore.dll [flags=0x0]
  3855. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbd5630000 LB 0x0004a000 C:\Windows\System32\wldp.dll [flags=0x0]
  3856. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbcb010000 LB 0x000c4000 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\nvldumdx.dll [flags=0x0]
  3857. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c98 pwszName=\Device\HarddiskVolume5\Windows\System32\DataExchange.dll
  3858. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3859. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3860. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77058853787D8A28928248724CB83756300506B8
  3861. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3862. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3863. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051020~31bf3856ad364e35~amd64~~10.0.22621.4830.cat'; file='\Device\HarddiskVolume5\Windows\System32\DataExchange.dll'
  3864. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3865. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msvcp_win.dll'.
  3866. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\DataExchange.dll) WinVerifyTrust
  3867. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
  3868. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3869. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3870. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3871. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
  3872. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffba0740000 LB 0x0005e000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
  3873. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\DataExchange.dll
  3874. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba0740000 'C:\Windows\system32\dataexchange.dll'
  3875. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
  3876. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
  3877. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll)
  3878. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll
  3879. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcb1a0000 LB 0x002a5000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
  3880. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
  3881. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3882. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3883. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
  3884. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3885. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3886. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll
  3887. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3888. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3889. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\twinapi.appcore.dll'
  3890. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll
  3891. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3892. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7fd0000 'C:\Windows\system32\Shcore.dll'
  3893. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3894. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'oleaut32.dll'.
  3895. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  3896. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll)
  3897. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll
  3898. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc0650000 LB 0x00143000 C:\Windows\SYSTEM32\textinputframework.dll [fFlags=0x0]
  3899. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
  3900. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'msvcp_win.dll'.
  3901. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll)
  3902. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll
  3903. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbd23f0000 LB 0x00135000 C:\Windows\SYSTEM32\CoreMessaging.dll [fFlags=0x0]
  3904. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
  3905. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3906. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3907. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3908. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3909. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3910. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3911. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
  3912. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3913. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3914. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3915. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3916. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll'
  3917. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3918. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3919. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\TextInputFramework.dll'
  3920. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-sddl-l1-1-0.dll) -> 0x0, fPresent=1
  3921. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-sddl-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3922. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6b90000 'api-ms-win-security-sddl-l1-1-0.dll'
  3923. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
  3924. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3925. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd71d0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
  3926. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
  3927. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3928. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd71d0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
  3929. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3930. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'coremessaging.dll'.
  3931. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll)
  3932. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll
  3933. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbce810000 LB 0x0036c000 C:\Windows\SYSTEM32\CoreUIComponents.dll [fFlags=0x0]
  3934. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
  3935. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
  3936. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume5\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
  3937. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\CoreMessaging.dll
  3938. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3939. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3940. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3941. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3942. 3f24.31ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume5\Windows\System32\CoreUIComponents.dll'
  3943. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8bb0000 'C:\Windows\System32\RPCRT4.dll'
  3944. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-security-systemfunctions-l1-1-0) -> 0x0, fPresent=1
  3945. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-security-systemfunctions-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3946. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7a40000 'api-ms-win-security-systemfunctions-l1-1-0'
  3947. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msctf.dll
  3948. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3949. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7390000 'C:\Windows\System32\MSCTF.dll'
  3950. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd76c0000 'C:\Windows\System32\ole32.dll'
  3951. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd75e0000 'C:\Windows\System32\OLEAUT32.dll'
  3952. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
  3953. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3954. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3955. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AD36488966AA7858FEFB09EE4C1DB68C5F52047
  3956. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3957. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3958. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4890.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll'
  3959. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3960. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3961. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'.
  3962. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
  3963. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
  3964. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  3965. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  3966. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
  3967. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3968. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3969. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=48E4CF81FAA1F76B63306E69DB1B016762CEEDB5
  3970. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3971. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3972. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4890.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll'
  3973. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3974. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3975. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll) WinVerifyTrust
  3976. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
  3977. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3978. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3979. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3980. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3981. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3982. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
  3983. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
  3984. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcf850000 LB 0x00080000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
  3985. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
  3986. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcf8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
  3987. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemprox.dll
  3988. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
  3989. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3990. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
  3991. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcf8d0000 'C:\Windows\system32\wbem\wbemprox.dll'
  3992. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d70 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
  3993. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  3994. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  3995. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=90D9CA995849F184A9BB705EF47370C35858B12B
  3996. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  3997. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  3998. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4890.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll'
  3999. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4000. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4001. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
  4002. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
  4003. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
  4004. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4005. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4006. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4007. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4008. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4009. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
  4010. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbcaff0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
  4011. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\wbemsvc.dll
  4012. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcaff0000 'C:\Windows\system32\wbem\wbemsvc.dll'
  4013. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
  4014. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4015. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-l1-2-0.dll'
  4016. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
  4017. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4018. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
  4019. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be0 pwszName=\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
  4020. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  4021. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  4022. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B04A0E1E5BC0341B6D82872D9E65FE40A6B3AA40
  4023. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4024. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4025. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4890.cat'; file='\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll'
  4026. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4027. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4028. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
  4029. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
  4030. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
  4031. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  4032. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume5\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  4033. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbemcomn.dll
  4034. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4035. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4036. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4037. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
  4038. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc6eb0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
  4039. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\wbem\fastprox.dll
  4040. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc6eb0000 'C:\Windows\system32\wbem\fastprox.dll'
  4041. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be4 pwszName=\Device\HarddiskVolume5\Windows\System32\amsi.dll
  4042. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  4043. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  4044. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2ACDC6C91AD00483DCF60BAE07E77D4A30A9EA6
  4045. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4046. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4047. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\amsi.dll'
  4048. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4049. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4050. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
  4051. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\amsi.dll) WinVerifyTrust
  4052. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\amsi.dll
  4053. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4054. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4055. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4056. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4057. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4058. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll
  4059. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc11e0000 LB 0x0001d000 C:\Windows\System32\amsi.dll [fFlags=0x0]
  4060. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\amsi.dll
  4061. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc11e0000 'C:\Windows\System32\amsi.dll'
  4062. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4063. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4064. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  4065. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
  4066. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  4067. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOAV.dll) WinVerifyTrust
  4068. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOAV.dll
  4069. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4070. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4071. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  4072. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  4073. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4074. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4075. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4076. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOAV.dll
  4077. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffbc0fb0000 LB 0x00080000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOav.dll [fFlags=0x0]
  4078. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOAV.dll
  4079. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  4080. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4081. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  4082. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  4083. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4084. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-fibers-l1-1-1'
  4085. 3f24.31ac: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  4086. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4087. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd5e50000 'api-ms-win-core-synch-l1-2-0'
  4088. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll
  4089. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4090. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7870000 'C:\Windows\System32\kernel32.dll'
  4091. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\version.dll
  4092. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4093. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd0a20000 'C:\Windows\system32\version.dll'
  4094. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc0fb0000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25020.1009-0\MpOav.dll'
  4095. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd7a40000 'C:\Windows\System32\ADVAPI32.dll'
  4096. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd76c0000 'C:\Windows\system32\ole32.dll'
  4097. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4098. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4099. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012c8 pwszName=\Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll
  4100. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  4101. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  4102. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBD48D0DF8066ECE124022573DA184ABD5FF6353
  4103. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4104. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4105. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.22621.5037.cat'; file='\Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll'
  4106. 3f24.31ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4107. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  4108. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shcore.dll'.
  4109. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
  4110. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
  4111. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
  4112. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'advapi32.dll'.
  4113. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'imm32.dll'.
  4114. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'user32.dll'.
  4115. 3f24.31ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
  4116. 3f24.31ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll) WinVerifyTrust
  4117. 3f24.31ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll
  4118. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  4119. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  4120. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4121. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4122. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  4123. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume5\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  4124. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll
  4125. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4126. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4127. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4128. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4129. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  4130. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  4131. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
  4132. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  4133. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  4134. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  4135. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
  4136. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume5\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
  4137. 3f24.31ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\SHCore.dll
  4138. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  4139. 3f24.31ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  4140. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\explorerframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4141. 3f24.31ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll
  4142. 3f24.31ac: supR3HardenedDllNotificationCallback: load 00007ffba0370000 LB 0x002c1000 C:\Windows\system32\explorerframe.dll [fFlags=0x0]
  4143. 3f24.31ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ExplorerFrame.dll
  4144. 3f24.31ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba0370000 'C:\Windows\system32\explorerframe.dll'
  4145. 3f24.22e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4146. 3f24.22e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4147. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4148. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4149. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4150. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4151. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  4152. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
  4153. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
  4154. 3f24.22e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
  4155. 3f24.22e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4156. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4157. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4158. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  4159. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  4160. 3f24.22e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll
  4161. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4162. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4163. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4164. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4165. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4166. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4167. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4168. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4169. 3f24.22e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll
  4170. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4171. 3f24.22e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4172. 3f24.22e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4173. 3f24.22e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4174. 3f24.22e0: supR3HardenedDllNotificationCallback: load 00007ffbc9d50000 LB 0x00021000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
  4175. 3f24.22e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4176. 3f24.22e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9d50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
  4177. 3f24.1290: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4178. 3f24.1290: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4179. 3f24.1290: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4180. 3f24.1290: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4181. 3f24.1290: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4182. 3f24.1290: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4183. 3f24.1290: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
  4184. 3f24.1290: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4185. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4186. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4187. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4188. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4189. 3f24.1290: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp140.dll
  4190. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4191. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4192. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4193. 3f24.1290: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4194. 3f24.1290: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4195. 3f24.1290: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4196. 3f24.1290: supR3HardenedDllNotificationCallback: load 00007ffbc9e00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
  4197. 3f24.1290: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4198. 3f24.1290: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9e00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
  4199. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8150000 'C:\Windows\system32\Shell32.dll'
  4200. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d30 pwszName=\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
  4201. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000002440e2782e0
  4202. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000002440e2782e0
  4203. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E00664AAD131505CFEA4FB69BEF260571D07D0D8
  4204. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4205. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4206. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.22621.5039.cat'; file='\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll'
  4207. 3f24.4950: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4208. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
  4209. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'devobj.dll'.
  4210. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
  4211. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
  4212. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  4213. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume5\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  4214. 3f24.4950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\devobj.dll
  4215. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
  4216. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume5\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
  4217. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4218. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4219. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\vid.dll) WinVerifyTrust
  4220. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\vid.dll
  4221. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4222. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
  4223. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
  4224. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbb9b60000 LB 0x0003e000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0]
  4225. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
  4226. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbc9ce0000 LB 0x00047000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0]
  4227. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\WinHvPlatform.dll
  4228. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9ce0000 'C:\Windows\system32\WinHvPlatform.dll'
  4229. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\vid.dll
  4230. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4231. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbb9b60000 'C:\Windows\system32\vid.dll'
  4232. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4233. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4234. 3f24.4950: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
  4235. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) WinVerifyTrust
  4236. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
  4237. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4238. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd8d10000 'C:\Windows\system32\NTDLL.DLL'
  4239. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4240. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4241. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4242. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\crypt32.dll
  4243. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4244. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4245. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4246. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4247. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  4248. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
  4249. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
  4250. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  4251. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  4252. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
  4253. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
  4254. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
  4255. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
  4256. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4257. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
  4258. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
  4259. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4260. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4261. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
  4262. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
  4263. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4264. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4265. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  4266. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  4267. 3f24.4950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  4268. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  4269. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  4270. 3f24.4950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
  4271. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4272. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4273. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
  4274. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
  4275. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4276. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4277. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  4278. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  4279. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
  4280. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4281. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
  4282. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
  4283. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4284. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4285. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4286. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4287. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4288. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4289. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4290. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4291. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  4292. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
  4293. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
  4294. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
  4295. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4296. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4297. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4298. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4299. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4300. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4301. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4302. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4303. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4304. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  4305. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  4306. 3f24.4950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\setupapi.dll
  4307. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4308. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4309. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4310. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4311. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4312. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4313. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4314. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4315. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4316. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4317. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
  4318. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbb60e0000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
  4319. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4320. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffb21c60000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
  4321. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4322. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbd48d0000 LB 0x0002d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
  4323. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
  4324. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffaea1a0000 LB 0x00a2d000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
  4325. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4326. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
  4327. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rsaenh.dll
  4328. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4329. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4330. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4331. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxC.dll
  4332. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4333. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb721e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
  4334. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4335. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4336. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4337. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4338. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb21c60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
  4339. 3f24.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4340. 3f24.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4341. 3f24.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4342. 3f24.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4343. 3f24.1f7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
  4344. 3f24.1f7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4345. 3f24.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4346. 3f24.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4347. 3f24.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4348. 3f24.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4349. 3f24.1f7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4350. 3f24.1f7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4351. 3f24.1f7c: supR3HardenedDllNotificationCallback: load 00007ffbc9bd0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
  4352. 3f24.1f7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4353. 3f24.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
  4354. 3f24.1408: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4355. 3f24.1408: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4356. 3f24.1408: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4357. 3f24.1408: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4358. 3f24.1408: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4359. 3f24.1408: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4360. 3f24.1408: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
  4361. 3f24.1408: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4362. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4363. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4364. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4365. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4366. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4367. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4368. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4369. 3f24.1408: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4370. 3f24.1408: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4371. 3f24.1408: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4372. 3f24.1408: supR3HardenedDllNotificationCallback: load 00007ffbc9d40000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
  4373. 3f24.1408: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4374. 3f24.1408: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9d40000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
  4375. 3f24.56f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4376. 3f24.56f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4377. 3f24.56f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4378. 3f24.56f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4379. 3f24.56f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4380. 3f24.56f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4381. 3f24.56f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
  4382. 3f24.56f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4383. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4384. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4385. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4386. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4387. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4388. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4389. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4390. 3f24.56f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume5\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4391. 3f24.56f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4392. 3f24.56f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4393. 3f24.56f0: supR3HardenedDllNotificationCallback: load 00007ffbc9cd0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
  4394. 3f24.56f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4395. 3f24.56f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbc9cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
  4396. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4397. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4398. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
  4399. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
  4400. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\mswsock.dll) WinVerifyTrust
  4401. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\mswsock.dll
  4402. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4403. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4404. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  4405. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  4406. 3f24.4950: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
  4407. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4408. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mswsock.dll
  4409. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbd53b0000 LB 0x0006a000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
  4410. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\mswsock.dll
  4411. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd53b0000 'C:\Windows\system32\mswsock.dll'
  4412. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd4e30000 'C:\Windows\system32\rsaenh.dll'
  4413. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd6450000 'C:\Windows\System32\crypt32.dll'
  4414. 3f24.4950: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  4415. 3f24.4950: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll) WinVerifyTrust
  4416. 3f24.4950: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
  4417. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  4418. 3f24.4950: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  4419. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4420. 3f24.4950: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
  4421. 3f24.4950: supR3HardenedDllNotificationCallback: load 00007ffbcfa70000 LB 0x0009e000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
  4422. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
  4423. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfa70000 'C:\Windows\System32\MMDevApi.dll'
  4424. 3f24.4950: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\MMDevAPI.dll
  4425. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4426. 3f24.4950: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcfa70000 'C:\Windows\System32\MMDEVAPI.DLL'
  4427. 3f24.56f0: supR3HardenedDllNotificationCallback: Unload 00007ffbc9cd0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
  4428. 3f24.1408: supR3HardenedDllNotificationCallback: Unload 00007ffbc9d40000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
  4429. 3f24.1f7c: supR3HardenedDllNotificationCallback: Unload 00007ffbc9bd0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
  4430. 3f24.1290: supR3HardenedDllNotificationCallback: Unload 00007ffbc9e00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
  4431. 3f24.22e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4432. 3f24.22e0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\edputil.dll)
  4433. 3f24.22e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\edputil.dll
  4434. 3f24.22e0: supR3HardenedDllNotificationCallback: load 00007ffbabd70000 LB 0x00028000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0]
  4435. 3f24.22e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume5\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
  4436. 3f24.22e0: supR3HardenedDllNotificationCallback: Unload 00007ffbc9d50000 LB 0x00021000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
  4437. 3f24.4950: supR3HardenedDllNotificationCallback: Unload 00007ffaea1a0000 LB 0x00a2d000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
  4438. 3f24.4950: supR3HardenedDllNotificationCallback: Unload 00007ffbb60e0000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
  4439. 3f24.4950: supR3HardenedDllNotificationCallback: Unload 00007ffb21c60000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
  4440. 3f24.4950: supR3HardenedDllNotificationCallback: Unload 00007ffbd48d0000 LB 0x0002d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
  4441. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffb231c0000 LB 0x0058f000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [flags=0x0]
  4442. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffba0370000 LB 0x002c1000 C:\Windows\system32\explorerframe.dll [flags=0x0]
  4443. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffb9d270000 LB 0x0006a000 C:\Windows\System32\thumbcache.dll [flags=0x0]
  4444. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffb88be0000 LB 0x000e9000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
  4445. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbcaff0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
  4446. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbcf8d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
  4447. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffba0740000 LB 0x0005e000 C:\Windows\system32\dataexchange.dll [flags=0x0]
  4448. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbcb1a0000 LB 0x002a5000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
  4449. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffb721e0000 LB 0x003f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
  4450. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbc6eb0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
  4451. 3f24.31ac: supR3HardenedDllNotificationCallback: Unload 00007ffbcf850000 LB 0x00080000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
  4452. 3f24.31ac: Terminating the normal way: rcExit=0
  4453. 46ec.54b0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 8396 ms, the end);
  4454. 2534.14dc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 9361 ms, the end);
  4455.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!