API tools faq
paste
Advertisement
Guest User

VBoxHardening.log

a guest
Jan 6th, 2025
39
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 493.07 KB | Software | 0 0
raw download clone embed print report
  1. cf8.22f4: \SystemRoot\System32\ntdll.dll:
  2. cf8.22f4: CreationTime: 2024-10-11T12:47:43.281861700Z
  3. cf8.22f4: LastWriteTime: 2024-10-11T12:47:43.501863200Z
  4. cf8.22f4: ChangeTime: 2024-12-11T17:56:48.666723500Z
  5. cf8.22f4: FileAttributes: 0x20
  6. cf8.22f4: Size: 0x1ef640
  7. cf8.22f4: NT Headers: 0xe8
  8. cf8.22f4: Timestamp: 0x688f8c4b
  9. cf8.22f4: Machine: 0x8664 - amd64
  10. cf8.22f4: Timestamp: 0x688f8c4b
  11. cf8.22f4: Image Version: 10.0
  12. cf8.22f4: SizeOfImage: 0x1f8000 (2064384)
  13. cf8.22f4: Resource Dir: 0x186000 LB 0x70508
  14. cf8.22f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  15. cf8.22f4: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  16. cf8.22f4: ProductName: Microsoft® Windows® Operating System
  17. cf8.22f4: ProductVersion: 10.0.19041.5007
  18. cf8.22f4: FileVersion: 10.0.19041.5007 (WinBuild.160101.0800)
  19. cf8.22f4: FileDescription: NT Layer DLL
  20. cf8.22f4: \SystemRoot\System32\kernel32.dll:
  21. cf8.22f4: CreationTime: 2024-11-23T10:20:52.028834300Z
  22. cf8.22f4: LastWriteTime: 2024-11-23T10:20:52.083382400Z
  23. cf8.22f4: ChangeTime: 2024-12-11T17:56:49.046712700Z
  24. cf8.22f4: FileAttributes: 0x20
  25. cf8.22f4: Size: 0xbf588
  26. cf8.22f4: NT Headers: 0xf8
  27. cf8.22f4: Timestamp: 0x87803e41
  28. cf8.22f4: Machine: 0x8664 - amd64
  29. cf8.22f4: Timestamp: 0x87803e41
  30. cf8.22f4: Image Version: 10.0
  31. cf8.22f4: SizeOfImage: 0xc2000 (794624)
  32. cf8.22f4: Resource Dir: 0xc0000 LB 0x520
  33. cf8.22f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  34. cf8.22f4: [Raw version resource data: 0xc00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  35. cf8.22f4: ProductName: Microsoft® Windows® Operating System
  36. cf8.22f4: ProductVersion: 10.0.19041.5198
  37. cf8.22f4: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  38. cf8.22f4: FileDescription: Windows NT BASE API Client DLL
  39. cf8.22f4: \SystemRoot\System32\KernelBase.dll:
  40. cf8.22f4: CreationTime: 2024-11-23T10:20:30.424984400Z
  41. cf8.22f4: LastWriteTime: 2024-11-23T10:20:30.950571900Z
  42. cf8.22f4: ChangeTime: 2024-12-11T17:56:48.696719300Z
  43. cf8.22f4: FileAttributes: 0x20
  44. cf8.22f4: Size: 0x2ff3c8
  45. cf8.22f4: NT Headers: 0x100
  46. cf8.22f4: Timestamp: 0xd1eefc71
  47. cf8.22f4: Machine: 0x8664 - amd64
  48. cf8.22f4: Timestamp: 0xd1eefc71
  49. cf8.22f4: Image Version: 10.0
  50. cf8.22f4: SizeOfImage: 0x2fe000 (3137536)
  51. cf8.22f4: Resource Dir: 0x2d4000 LB 0x548
  52. cf8.22f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  53. cf8.22f4: [Raw version resource data: 0x2d40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  54. cf8.22f4: ProductName: Microsoft® Windows® Operating System
  55. cf8.22f4: ProductVersion: 10.0.19041.5198
  56. cf8.22f4: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  57. cf8.22f4: FileDescription: Windows NT BASE API Client DLL
  58. cf8.22f4: \SystemRoot\System32\apisetschema.dll:
  59. cf8.22f4: CreationTime: 2024-01-27T16:00:25.927257100Z
  60. cf8.22f4: LastWriteTime: 2024-01-27T16:00:25.974090700Z
  61. cf8.22f4: ChangeTime: 2024-12-11T17:56:34.404205000Z
  62. cf8.22f4: FileAttributes: 0x20
  63. cf8.22f4: Size: 0x1f970
  64. cf8.22f4: NT Headers: 0xd0
  65. cf8.22f4: Timestamp: 0x818769b5
  66. cf8.22f4: Machine: 0x8664 - amd64
  67. cf8.22f4: Timestamp: 0x818769b5
  68. cf8.22f4: Image Version: 10.0
  69. cf8.22f4: SizeOfImage: 0x20000 (131072)
  70. cf8.22f4: Resource Dir: 0x1f000 LB 0x408
  71. cf8.22f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  72. cf8.22f4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  73. cf8.22f4: ProductName: Microsoft® Windows® Operating System
  74. cf8.22f4: ProductVersion: 10.0.19041.3996
  75. cf8.22f4: FileVersion: 10.0.19041.3996 (WinBuild.160101.0800)
  76. cf8.22f4: FileDescription: ApiSet Schema DLL
  77. cf8.22f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  78. cf8.22f4: supR3HardenedWinFindAdversaries: 0x0
  79. cf8.22f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  80. cf8.22f4: Calling main()
  81. cf8.22f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  82. cf8.22f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  83. cf8.22f4: SUPR3HardenedMain: Respawn #1
  84. cf8.22f4: System32: \Device\HarddiskVolume4\Windows\System32
  85. cf8.22f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  86. cf8.22f4: KnownDllPath: C:\WINDOWS\System32
  87. cf8.22f4: supR3HardenedWinInit: Performing a limited self purification...
  88. cf8.22f4: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
  89. cf8.22f4: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  90. cf8.22f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  91. cf8.22f4: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
  92. cf8.22f4: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
  93. cf8.22f4: 000000007ffe3000-000000ab273fffff 0x0001/0x0000 0x0000000
  94. cf8.22f4: *000000ab27400000-000000ab2740cfff 0x0000/0x0004 0x0020000
  95. cf8.22f4: 000000ab2740d000-000000ab2740ffff 0x0004/0x0004 0x0020000
  96. cf8.22f4: 000000ab27410000-000000ab275fffff 0x0000/0x0004 0x0020000
  97. cf8.22f4: *000000ab27600000-000000ab276b8fff 0x0000/0x0004 0x0020000
  98. cf8.22f4: 000000ab276b9000-000000ab276bbfff 0x0104/0x0004 0x0020000
  99. cf8.22f4: 000000ab276bc000-000000ab276fffff 0x0004/0x0004 0x0020000
  100. cf8.22f4: 000000ab27700000-000001b92996ffff 0x0001/0x0000 0x0000000
  101. cf8.22f4: *000001b929970000-000001b92997ffff 0x0004/0x0004 0x0040000
  102. cf8.22f4: *000001b929980000-000001b929981fff 0x0002/0x0002 0x0040000
  103. cf8.22f4: 000001b929982000-000001b92998ffff 0x0001/0x0000 0x0000000
  104. cf8.22f4: *000001b929990000-000001b9299acfff 0x0002/0x0002 0x0040000
  105. cf8.22f4: 000001b9299ad000-000001b9299affff 0x0001/0x0000 0x0000000
  106. cf8.22f4: *000001b9299b0000-000001b9299b3fff 0x0002/0x0002 0x0040000
  107. cf8.22f4: 000001b9299b4000-000001b9299bffff 0x0001/0x0000 0x0000000
  108. cf8.22f4: *000001b9299c0000-000001b9299c0fff 0x0002/0x0002 0x0040000
  109. cf8.22f4: 000001b9299c1000-000001b9299cffff 0x0001/0x0000 0x0000000
  110. cf8.22f4: *000001b9299d0000-000001b9299d1fff 0x0004/0x0004 0x0020000
  111. cf8.22f4: 000001b9299d2000-000001b9299dffff 0x0001/0x0000 0x0000000
  112. cf8.22f4: *000001b9299e0000-000001b9299e1fff 0x0002/0x0002 0x0040000
  113. cf8.22f4: 000001b9299e2000-000001b9299effff 0x0001/0x0000 0x0000000
  114. cf8.22f4: *000001b9299f0000-000001b9299f0fff 0x0002/0x0002 0x0040000
  115. cf8.22f4: 000001b9299f1000-000001b9299fffff 0x0001/0x0000 0x0000000
  116. cf8.22f4: *000001b929a00000-000001b929a01fff 0x0004/0x0004 0x0020000
  117. cf8.22f4: 000001b929a02000-000001b929a19fff 0x0000/0x0004 0x0020000
  118. cf8.22f4: 000001b929a1a000-000001b929a3ffff 0x0001/0x0000 0x0000000
  119. cf8.22f4: *000001b929a40000-000001b929a4efff 0x0004/0x0004 0x0020000
  120. cf8.22f4: 000001b929a4f000-000001b929a4ffff 0x0000/0x0004 0x0020000
  121. cf8.22f4: 000001b929a50000-000001b929a7ffff 0x0001/0x0000 0x0000000
  122. cf8.22f4: *000001b929a80000-000001b929a85fff 0x0004/0x0004 0x0020000
  123. cf8.22f4: 000001b929a86000-000001b929b7ffff 0x0000/0x0004 0x0020000
  124. cf8.22f4: *000001b929b80000-000001b929c48fff 0x0002/0x0002 0x0040000
  125. cf8.22f4: 000001b929c49000-000001b929c4ffff 0x0001/0x0000 0x0000000
  126. cf8.22f4: *000001b929c50000-000001b929c58fff 0x0000/0x0004 0x0020000
  127. cf8.22f4: 000001b929c59000-000001b929e51fff 0x0004/0x0004 0x0020000
  128. cf8.22f4: 000001b929e52000-000001b929e52fff 0x0000/0x0004 0x0020000
  129. cf8.22f4: 000001b929e53000-000001b929e5ffff 0x0001/0x0000 0x0000000
  130. cf8.22f4: *000001b929e60000-000001b929e89fff 0x0004/0x0004 0x0020000
  131. cf8.22f4: 000001b929e8a000-000001b929f5ffff 0x0000/0x0004 0x0020000
  132. cf8.22f4: 000001b929f60000-00007df4c371ffff 0x0001/0x0000 0x0000000
  133. cf8.22f4: *00007df4c3720000-00007df4c3724fff 0x0002/0x0002 0x0040000
  134. cf8.22f4: 00007df4c3725000-00007df4c381ffff 0x0000/0x0002 0x0040000
  135. cf8.22f4: *00007df4c3820000-00007df5c383ffff 0x0000/0x0004 0x0020000
  136. cf8.22f4: *00007df5c3840000-00007df5c583ffff 0x0000/0x0004 0x0020000
  137. cf8.22f4: 00007df5c5840000-00007df5c5840fff 0x0004/0x0004 0x0020000
  138. cf8.22f4: 00007df5c5841000-00007df5c584ffff 0x0001/0x0000 0x0000000
  139. cf8.22f4: *00007df5c5850000-00007df5c5850fff 0x0002/0x0002 0x0040000
  140. cf8.22f4: 00007df5c5851000-00007df5c585ffff 0x0001/0x0000 0x0000000
  141. cf8.22f4: *00007df5c5860000-00007df5c5882fff 0x0002/0x0002 0x0040000
  142. cf8.22f4: 00007df5c5883000-00007df5c588ffff 0x0001/0x0000 0x0000000
  143. cf8.22f4: *00007df5c5890000-00007df5c73a2fff 0x0000/0x0001 0x0040000
  144. cf8.22f4: 00007df5c73a3000-00007df5c73c4fff 0x0001/0x0001 0x0040000
  145. cf8.22f4: 00007df5c73c5000-00007df5c765afff 0x0000/0x0001 0x0040000
  146. cf8.22f4: 00007df5c765b000-00007df5c765bfff 0x0001/0x0001 0x0040000
  147. cf8.22f4: 00007df5c765c000-00007ff5a105bfff 0x0000/0x0001 0x0040000
  148. cf8.22f4: 00007ff5a105c000-00007ff5a1060fff 0x0002/0x0001 0x0040000
  149. cf8.22f4: 00007ff5a1061000-00007ff5a7de8fff 0x0000/0x0001 0x0040000
  150. cf8.22f4: 00007ff5a7de9000-00007ff5a97befff 0x0001/0x0001 0x0040000
  151. cf8.22f4: 00007ff5a97bf000-00007ff5a97cafff 0x0002/0x0001 0x0040000
  152. cf8.22f4: 00007ff5a97cb000-00007ff5a97f9fff 0x0001/0x0001 0x0040000
  153. cf8.22f4: 00007ff5a97fa000-00007ff5a97fdfff 0x0002/0x0001 0x0040000
  154. cf8.22f4: 00007ff5a97fe000-00007ff5a984efff 0x0001/0x0001 0x0040000
  155. cf8.22f4: 00007ff5a984f000-00007ff5a9857fff 0x0002/0x0001 0x0040000
  156. cf8.22f4: 00007ff5a9858000-00007ff5c588ffff 0x0000/0x0001 0x0040000
  157. cf8.22f4: 00007ff5c5890000-00007ff6df30ffff 0x0001/0x0000 0x0000000
  158. cf8.22f4: *00007ff6df310000-00007ff6df310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  159. cf8.22f4: 00007ff6df311000-00007ff6df37bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  160. cf8.22f4: 00007ff6df37c000-00007ff6df37cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  161. cf8.22f4: 00007ff6df37d000-00007ff6df3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  162. cf8.22f4: 00007ff6df3d1000-00007ff6df3d3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  163. cf8.22f4: 00007ff6df3d4000-00007ff6df3d6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  164. cf8.22f4: 00007ff6df3d7000-00007ff6df3d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  165. cf8.22f4: 00007ff6df3da000-00007ff6df3dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  166. cf8.22f4: 00007ff6df3db000-00007ff6df3dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  167. cf8.22f4: 00007ff6df3dd000-00007ff6df3ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  168. cf8.22f4: 00007ff6df3de000-00007ff6df417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  169. cf8.22f4: 00007ff6df418000-00007ff8fcbbffff 0x0001/0x0000 0x0000000
  170. cf8.22f4: *00007ff8fcbc0000-00007ff8fcbc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  171. cf8.22f4: 00007ff8fcbc1000-00007ff8fccf9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  172. cf8.22f4: 00007ff8fccfa000-00007ff8fce7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  173. cf8.22f4: 00007ff8fce7d000-00007ff8fce81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  174. cf8.22f4: 00007ff8fce82000-00007ff8fcebdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  175. cf8.22f4: 00007ff8fcebe000-00007ff8fdaaffff 0x0001/0x0000 0x0000000
  176. cf8.22f4: *00007ff8fdab0000-00007ff8fdab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  177. cf8.22f4: 00007ff8fdab1000-00007ff8fdb31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  178. cf8.22f4: 00007ff8fdb32000-00007ff8fdb66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  179. cf8.22f4: 00007ff8fdb67000-00007ff8fdb68fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  180. cf8.22f4: 00007ff8fdb69000-00007ff8fdb71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  181. cf8.22f4: 00007ff8fdb72000-00007ff8fefeffff 0x0001/0x0000 0x0000000
  182. cf8.22f4: *00007ff8feff0000-00007ff8feff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  183. cf8.22f4: 00007ff8feff1000-00007ff8ff10cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  184. cf8.22f4: 00007ff8ff10d000-00007ff8ff155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  185. cf8.22f4: 00007ff8ff156000-00007ff8ff156fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  186. cf8.22f4: 00007ff8ff157000-00007ff8ff158fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  187. cf8.22f4: 00007ff8ff159000-00007ff8ff161fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  188. cf8.22f4: 00007ff8ff162000-00007ff8ff1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  189. cf8.22f4: 00007ff8ff1e8000-00007ffffffeffff 0x0001/0x0000 0x0000000
  190. cf8.22f4: kernel32.dll: timestamp 0x87803e41 (rc=VINF_SUCCESS)
  191. cf8.22f4: kernelbase.dll: timestamp 0xd1eefc71 (rc=VINF_SUCCESS)
  192. cf8.22f4: VirtualBoxVM.exe: timestamp 0x670807b4 (rc=VINF_SUCCESS)
  193. cf8.22f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  194. cf8.22f4: VirtualBoxVM.exe: Differences in section #7 (.00cfg) between file and memory:
  195. cf8.22f4: 00007ff6df3e5000 / 0x00d5000: 10 != 60
  196. cf8.22f4: 00007ff6df3e5001 / 0x00d5001: e5 != cc
  197. cf8.22f4: 00007ff6df3e5002 / 0x00d5002: 32 != 07
  198. cf8.22f4: 00007ff6df3e5003 / 0x00d5003: df != ff
  199. cf8.22f4: 00007ff6df3e5004 / 0x00d5004: f6 != f8
  200. cf8.22f4: 00007ff6df3e5011 / 0x00d5011: b3 != cd
  201. cf8.22f4: 00007ff6df3e5012 / 0x00d5012: 37 != 07
  202. cf8.22f4: 00007ff6df3e5013 / 0x00d5013: df != ff
  203. cf8.22f4: 00007ff6df3e5014 / 0x00d5014: f6 != f8
  204. cf8.22f4: Restored 0x28 bytes of original file content at 00007ff6df3e5000
  205. cf8.22f4: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  206. cf8.22f4: 00007ff6df416b28 / 0x0106b28: 00 != 50
  207. cf8.22f4: 00007ff6df416b29 / 0x0106b29: 00 != 41
  208. cf8.22f4: 00007ff6df416b2a / 0x0106b2a: 00 != 44
  209. cf8.22f4: 00007ff6df416b2b / 0x0106b2b: 00 != 44
  210. cf8.22f4: 00007ff6df416b2c / 0x0106b2c: 00 != 49
  211. cf8.22f4: 00007ff6df416b2d / 0x0106b2d: 00 != 4e
  212. cf8.22f4: 00007ff6df416b2e / 0x0106b2e: 00 != 47
  213. cf8.22f4: 00007ff6df416b2f / 0x0106b2f: 00 != 58
  214. cf8.22f4: 00007ff6df416b30 / 0x0106b30: 00 != 58
  215. cf8.22f4: 00007ff6df416b31 / 0x0106b31: 00 != 50
  216. cf8.22f4: 00007ff6df416b32 / 0x0106b32: 00 != 41
  217. cf8.22f4: 00007ff6df416b33 / 0x0106b33: 00 != 44
  218. cf8.22f4: 00007ff6df416b34 / 0x0106b34: 00 != 44
  219. cf8.22f4: 00007ff6df416b35 / 0x0106b35: 00 != 49
  220. cf8.22f4: 00007ff6df416b36 / 0x0106b36: 00 != 4e
  221. cf8.22f4: 00007ff6df416b37 / 0x0106b37: 00 != 47
  222. cf8.22f4: 00007ff6df416b38 / 0x0106b38: 00 != 50
  223. cf8.22f4: 00007ff6df416b39 / 0x0106b39: 00 != 41
  224. cf8.22f4: 00007ff6df416b3a / 0x0106b3a: 00 != 44
  225. cf8.22f4: 00007ff6df416b3b / 0x0106b3b: 00 != 44
  226. cf8.22f4: 00007ff6df416b3c / 0x0106b3c: 00 != 49
  227. cf8.22f4: 00007ff6df416b3d / 0x0106b3d: 00 != 4e
  228. cf8.22f4: 00007ff6df416b3e / 0x0106b3e: 00 != 47
  229. cf8.22f4: 00007ff6df416b3f / 0x0106b3f: 00 != 58
  230. cf8.22f4: 00007ff6df416b40 / 0x0106b40: 00 != 58
  231. cf8.22f4: 00007ff6df416b41 / 0x0106b41: 00 != 50
  232. cf8.22f4: 00007ff6df416b42 / 0x0106b42: 00 != 41
  233. cf8.22f4: 00007ff6df416b43 / 0x0106b43: 00 != 44
  234. cf8.22f4: 00007ff6df416b44 / 0x0106b44: 00 != 44
  235. cf8.22f4: 00007ff6df416b45 / 0x0106b45: 00 != 49
  236. cf8.22f4: 00007ff6df416b46 / 0x0106b46: 00 != 4e
  237. cf8.22f4: 00007ff6df416b47 / 0x0106b47: 00 != 47
  238. cf8.22f4: 00007ff6df416b48 / 0x0106b48: 00 != 50
  239. cf8.22f4: 00007ff6df416b49 / 0x0106b49: 00 != 41
  240. cf8.22f4: 00007ff6df416b4a / 0x0106b4a: 00 != 44
  241. cf8.22f4: 00007ff6df416b4b / 0x0106b4b: 00 != 44
  242. cf8.22f4: 00007ff6df416b4c / 0x0106b4c: 00 != 49
  243. cf8.22f4: 00007ff6df416b4d / 0x0106b4d: 00 != 4e
  244. cf8.22f4: 00007ff6df416b4e / 0x0106b4e: 00 != 47
  245. cf8.22f4: 00007ff6df416b4f / 0x0106b4f: 00 != 58
  246. cf8.22f4: 00007ff6df416b50 / 0x0106b50: 00 != 58
  247. cf8.22f4: 00007ff6df416b51 / 0x0106b51: 00 != 50
  248. cf8.22f4: 00007ff6df416b52 / 0x0106b52: 00 != 41
  249. cf8.22f4: 00007ff6df416b53 / 0x0106b53: 00 != 44
  250. cf8.22f4: 00007ff6df416b54 / 0x0106b54: 00 != 44
  251. cf8.22f4: 00007ff6df416b55 / 0x0106b55: 00 != 49
  252. cf8.22f4: 00007ff6df416b56 / 0x0106b56: 00 != 4e
  253. cf8.22f4: 00007ff6df416b57 / 0x0106b57: 00 != 47
  254. cf8.22f4: 00007ff6df416b58 / 0x0106b58: 00 != 50
  255. cf8.22f4: 00007ff6df416b59 / 0x0106b59: 00 != 41
  256. cf8.22f4: 00007ff6df416b5a / 0x0106b5a: 00 != 44
  257. cf8.22f4: 00007ff6df416b5b / 0x0106b5b: 00 != 44
  258. cf8.22f4: 00007ff6df416b5c / 0x0106b5c: 00 != 49
  259. cf8.22f4: 00007ff6df416b5d / 0x0106b5d: 00 != 4e
  260. cf8.22f4: 00007ff6df416b5e / 0x0106b5e: 00 != 47
  261. cf8.22f4: 00007ff6df416b5f / 0x0106b5f: 00 != 58
  262. cf8.22f4: 00007ff6df416b60 / 0x0106b60: 00 != 58
  263. cf8.22f4: 00007ff6df416b61 / 0x0106b61: 00 != 50
  264. cf8.22f4: 00007ff6df416b62 / 0x0106b62: 00 != 41
  265. cf8.22f4: 00007ff6df416b63 / 0x0106b63: 00 != 44
  266. cf8.22f4: 00007ff6df416b64 / 0x0106b64: 00 != 44
  267. cf8.22f4: 00007ff6df416b65 / 0x0106b65: 00 != 49
  268. cf8.22f4: 00007ff6df416b66 / 0x0106b66: 00 != 4e
  269. cf8.22f4: 00007ff6df416b67 / 0x0106b67: 00 != 47
  270. cf8.22f4: 00007ff6df416b68 / 0x0106b68: 00 != 50
  271. cf8.22f4: 00007ff6df416b69 / 0x0106b69: 00 != 41
  272. cf8.22f4: 00007ff6df416b6a / 0x0106b6a: 00 != 44
  273. cf8.22f4: 00007ff6df416b6b / 0x0106b6b: 00 != 44
  274. cf8.22f4: 00007ff6df416b6c / 0x0106b6c: 00 != 49
  275. cf8.22f4: 00007ff6df416b6d / 0x0106b6d: 00 != 4e
  276. cf8.22f4: 00007ff6df416b6e / 0x0106b6e: 00 != 47
  277. cf8.22f4: 00007ff6df416b6f / 0x0106b6f: 00 != 58
  278. cf8.22f4: 00007ff6df416b70 / 0x0106b70: 00 != 58
  279. cf8.22f4: 00007ff6df416b71 / 0x0106b71: 00 != 50
  280. cf8.22f4: 00007ff6df416b72 / 0x0106b72: 00 != 41
  281. cf8.22f4: 00007ff6df416b73 / 0x0106b73: 00 != 44
  282. cf8.22f4: 00007ff6df416b74 / 0x0106b74: 00 != 44
  283. cf8.22f4: 00007ff6df416b75 / 0x0106b75: 00 != 49
  284. cf8.22f4: 00007ff6df416b76 / 0x0106b76: 00 != 4e
  285. cf8.22f4: 00007ff6df416b77 / 0x0106b77: 00 != 47
  286. cf8.22f4: 00007ff6df416b78 / 0x0106b78: 00 != 50
  287. cf8.22f4: 00007ff6df416b79 / 0x0106b79: 00 != 41
  288. cf8.22f4: 00007ff6df416b7a / 0x0106b7a: 00 != 44
  289. cf8.22f4: 00007ff6df416b7b / 0x0106b7b: 00 != 44
  290. cf8.22f4: 00007ff6df416b7c / 0x0106b7c: 00 != 49
  291. cf8.22f4: 00007ff6df416b7d / 0x0106b7d: 00 != 4e
  292. cf8.22f4: 00007ff6df416b7e / 0x0106b7e: 00 != 47
  293. cf8.22f4: 00007ff6df416b7f / 0x0106b7f: 00 != 58
  294. cf8.22f4: 00007ff6df416b80 / 0x0106b80: 00 != 58
  295. cf8.22f4: 00007ff6df416b81 / 0x0106b81: 00 != 50
  296. cf8.22f4: 00007ff6df416b82 / 0x0106b82: 00 != 41
  297. cf8.22f4: 00007ff6df416b83 / 0x0106b83: 00 != 44
  298. cf8.22f4: 00007ff6df416b84 / 0x0106b84: 00 != 44
  299. cf8.22f4: 00007ff6df416b85 / 0x0106b85: 00 != 49
  300. cf8.22f4: 00007ff6df416b86 / 0x0106b86: 00 != 4e
  301. cf8.22f4: 00007ff6df416b87 / 0x0106b87: 00 != 47
  302. cf8.22f4: 00007ff6df416b88 / 0x0106b88: 00 != 50
  303. cf8.22f4: 00007ff6df416b89 / 0x0106b89: 00 != 41
  304. cf8.22f4: 00007ff6df416b8a / 0x0106b8a: 00 != 44
  305. cf8.22f4: 00007ff6df416b8b / 0x0106b8b: 00 != 44
  306. cf8.22f4: 00007ff6df416b8c / 0x0106b8c: 00 != 49
  307. cf8.22f4: 00007ff6df416b8d / 0x0106b8d: 00 != 4e
  308. cf8.22f4: 00007ff6df416b8e / 0x0106b8e: 00 != 47
  309. cf8.22f4: 00007ff6df416b8f / 0x0106b8f: 00 != 58
  310. cf8.22f4: 00007ff6df416b90 / 0x0106b90: 00 != 58
  311. cf8.22f4: 00007ff6df416b91 / 0x0106b91: 00 != 50
  312. cf8.22f4: 00007ff6df416b92 / 0x0106b92: 00 != 41
  313. cf8.22f4: 00007ff6df416b93 / 0x0106b93: 00 != 44
  314. cf8.22f4: 00007ff6df416b94 / 0x0106b94: 00 != 44
  315. cf8.22f4: 00007ff6df416b95 / 0x0106b95: 00 != 49
  316. cf8.22f4: 00007ff6df416b96 / 0x0106b96: 00 != 4e
  317. cf8.22f4: 00007ff6df416b97 / 0x0106b97: 00 != 47
  318. cf8.22f4: 00007ff6df416b98 / 0x0106b98: 00 != 50
  319. cf8.22f4: 00007ff6df416b99 / 0x0106b99: 00 != 41
  320. cf8.22f4: 00007ff6df416b9a / 0x0106b9a: 00 != 44
  321. cf8.22f4: 00007ff6df416b9b / 0x0106b9b: 00 != 44
  322. cf8.22f4: 00007ff6df416b9c / 0x0106b9c: 00 != 49
  323. cf8.22f4: 00007ff6df416b9d / 0x0106b9d: 00 != 4e
  324. cf8.22f4: 00007ff6df416b9e / 0x0106b9e: 00 != 47
  325. cf8.22f4: 00007ff6df416b9f / 0x0106b9f: 00 != 58
  326. cf8.22f4: 00007ff6df416ba0 / 0x0106ba0: 00 != 58
  327. cf8.22f4: 00007ff6df416ba1 / 0x0106ba1: 00 != 50
  328. cf8.22f4: 00007ff6df416ba2 / 0x0106ba2: 00 != 41
  329. cf8.22f4: 00007ff6df416ba3 / 0x0106ba3: 00 != 44
  330. cf8.22f4: 00007ff6df416ba4 / 0x0106ba4: 00 != 44
  331. cf8.22f4: 00007ff6df416ba5 / 0x0106ba5: 00 != 49
  332. cf8.22f4: 00007ff6df416ba6 / 0x0106ba6: 00 != 4e
  333. cf8.22f4: 00007ff6df416ba7 / 0x0106ba7: 00 != 47
  334. cf8.22f4: 00007ff6df416ba8 / 0x0106ba8: 00 != 50
  335. cf8.22f4: 00007ff6df416ba9 / 0x0106ba9: 00 != 41
  336. cf8.22f4: 00007ff6df416baa / 0x0106baa: 00 != 44
  337. cf8.22f4: 00007ff6df416bab / 0x0106bab: 00 != 44
  338. cf8.22f4: 00007ff6df416bac / 0x0106bac: 00 != 49
  339. cf8.22f4: 00007ff6df416bad / 0x0106bad: 00 != 4e
  340. cf8.22f4: 00007ff6df416bae / 0x0106bae: 00 != 47
  341. cf8.22f4: 00007ff6df416baf / 0x0106baf: 00 != 58
  342. cf8.22f4: 00007ff6df416bb0 / 0x0106bb0: 00 != 58
  343. cf8.22f4: 00007ff6df416bb1 / 0x0106bb1: 00 != 50
  344. cf8.22f4: 00007ff6df416bb2 / 0x0106bb2: 00 != 41
  345. cf8.22f4: 00007ff6df416bb3 / 0x0106bb3: 00 != 44
  346. cf8.22f4: 00007ff6df416bb4 / 0x0106bb4: 00 != 44
  347. cf8.22f4: 00007ff6df416bb5 / 0x0106bb5: 00 != 49
  348. cf8.22f4: 00007ff6df416bb6 / 0x0106bb6: 00 != 4e
  349. cf8.22f4: 00007ff6df416bb7 / 0x0106bb7: 00 != 47
  350. cf8.22f4: 00007ff6df416bb8 / 0x0106bb8: 00 != 50
  351. cf8.22f4: 00007ff6df416bb9 / 0x0106bb9: 00 != 41
  352. cf8.22f4: 00007ff6df416bba / 0x0106bba: 00 != 44
  353. cf8.22f4: 00007ff6df416bbb / 0x0106bbb: 00 != 44
  354. cf8.22f4: 00007ff6df416bbc / 0x0106bbc: 00 != 49
  355. cf8.22f4: 00007ff6df416bbd / 0x0106bbd: 00 != 4e
  356. cf8.22f4: 00007ff6df416bbe / 0x0106bbe: 00 != 47
  357. cf8.22f4: 00007ff6df416bbf / 0x0106bbf: 00 != 58
  358. cf8.22f4: 00007ff6df416bc0 / 0x0106bc0: 00 != 58
  359. cf8.22f4: 00007ff6df416bc1 / 0x0106bc1: 00 != 50
  360. cf8.22f4: 00007ff6df416bc2 / 0x0106bc2: 00 != 41
  361. cf8.22f4: 00007ff6df416bc3 / 0x0106bc3: 00 != 44
  362. cf8.22f4: 00007ff6df416bc4 / 0x0106bc4: 00 != 44
  363. cf8.22f4: 00007ff6df416bc5 / 0x0106bc5: 00 != 49
  364. cf8.22f4: 00007ff6df416bc6 / 0x0106bc6: 00 != 4e
  365. cf8.22f4: 00007ff6df416bc7 / 0x0106bc7: 00 != 47
  366. cf8.22f4: 00007ff6df416bc8 / 0x0106bc8: 00 != 50
  367. cf8.22f4: 00007ff6df416bc9 / 0x0106bc9: 00 != 41
  368. cf8.22f4: 00007ff6df416bca / 0x0106bca: 00 != 44
  369. cf8.22f4: 00007ff6df416bcb / 0x0106bcb: 00 != 44
  370. cf8.22f4: 00007ff6df416bcc / 0x0106bcc: 00 != 49
  371. cf8.22f4: 00007ff6df416bcd / 0x0106bcd: 00 != 4e
  372. cf8.22f4: 00007ff6df416bce / 0x0106bce: 00 != 47
  373. cf8.22f4: 00007ff6df416bcf / 0x0106bcf: 00 != 58
  374. cf8.22f4: 00007ff6df416bd0 / 0x0106bd0: 00 != 58
  375. cf8.22f4: 00007ff6df416bd1 / 0x0106bd1: 00 != 50
  376. cf8.22f4: 00007ff6df416bd2 / 0x0106bd2: 00 != 41
  377. cf8.22f4: 00007ff6df416bd3 / 0x0106bd3: 00 != 44
  378. cf8.22f4: 00007ff6df416bd4 / 0x0106bd4: 00 != 44
  379. cf8.22f4: 00007ff6df416bd5 / 0x0106bd5: 00 != 49
  380. cf8.22f4: 00007ff6df416bd6 / 0x0106bd6: 00 != 4e
  381. cf8.22f4: 00007ff6df416bd7 / 0x0106bd7: 00 != 47
  382. cf8.22f4: 00007ff6df416bd8 / 0x0106bd8: 00 != 50
  383. cf8.22f4: 00007ff6df416bd9 / 0x0106bd9: 00 != 41
  384. cf8.22f4: 00007ff6df416bda / 0x0106bda: 00 != 44
  385. cf8.22f4: 00007ff6df416bdb / 0x0106bdb: 00 != 44
  386. cf8.22f4: 00007ff6df416bdc / 0x0106bdc: 00 != 49
  387. cf8.22f4: 00007ff6df416bdd / 0x0106bdd: 00 != 4e
  388. cf8.22f4: 00007ff6df416bde / 0x0106bde: 00 != 47
  389. cf8.22f4: 00007ff6df416bdf / 0x0106bdf: 00 != 58
  390. cf8.22f4: 00007ff6df416be0 / 0x0106be0: 00 != 58
  391. cf8.22f4: 00007ff6df416be1 / 0x0106be1: 00 != 50
  392. cf8.22f4: 00007ff6df416be2 / 0x0106be2: 00 != 41
  393. cf8.22f4: 00007ff6df416be3 / 0x0106be3: 00 != 44
  394. cf8.22f4: 00007ff6df416be4 / 0x0106be4: 00 != 44
  395. cf8.22f4: 00007ff6df416be5 / 0x0106be5: 00 != 49
  396. cf8.22f4: 00007ff6df416be6 / 0x0106be6: 00 != 4e
  397. cf8.22f4: 00007ff6df416be7 / 0x0106be7: 00 != 47
  398. cf8.22f4: 00007ff6df416be8 / 0x0106be8: 00 != 50
  399. cf8.22f4: 00007ff6df416be9 / 0x0106be9: 00 != 41
  400. cf8.22f4: 00007ff6df416bea / 0x0106bea: 00 != 44
  401. cf8.22f4: 00007ff6df416beb / 0x0106beb: 00 != 44
  402. cf8.22f4: 00007ff6df416bec / 0x0106bec: 00 != 49
  403. cf8.22f4: 00007ff6df416bed / 0x0106bed: 00 != 4e
  404. cf8.22f4: 00007ff6df416bee / 0x0106bee: 00 != 47
  405. cf8.22f4: 00007ff6df416bef / 0x0106bef: 00 != 58
  406. cf8.22f4: 00007ff6df416bf0 / 0x0106bf0: 00 != 58
  407. cf8.22f4: 00007ff6df416bf1 / 0x0106bf1: 00 != 50
  408. cf8.22f4: 00007ff6df416bf2 / 0x0106bf2: 00 != 41
  409. cf8.22f4: 00007ff6df416bf3 / 0x0106bf3: 00 != 44
  410. cf8.22f4: 00007ff6df416bf4 / 0x0106bf4: 00 != 44
  411. cf8.22f4: 00007ff6df416bf5 / 0x0106bf5: 00 != 49
  412. cf8.22f4: 00007ff6df416bf6 / 0x0106bf6: 00 != 4e
  413. cf8.22f4: 00007ff6df416bf7 / 0x0106bf7: 00 != 47
  414. cf8.22f4: 00007ff6df416bf8 / 0x0106bf8: 00 != 50
  415. cf8.22f4: 00007ff6df416bf9 / 0x0106bf9: 00 != 41
  416. cf8.22f4: 00007ff6df416bfa / 0x0106bfa: 00 != 44
  417. cf8.22f4: 00007ff6df416bfb / 0x0106bfb: 00 != 44
  418. cf8.22f4: 00007ff6df416bfc / 0x0106bfc: 00 != 49
  419. cf8.22f4: 00007ff6df416bfd / 0x0106bfd: 00 != 4e
  420. cf8.22f4: 00007ff6df416bfe / 0x0106bfe: 00 != 47
  421. cf8.22f4: 00007ff6df416bff / 0x0106bff: 00 != 58
  422. cf8.22f4: Restored 0x4d8 bytes of original file content at 00007ff6df416b28
  423. cf8.22f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  424. cf8.22f4: ntdll.dll: Differences in section #8 (.00cfg) between file and memory:
  425. cf8.22f4: 00007ff8ff175001 / 0x0185001: 10 != cd
  426. cf8.22f4: 00007ff8ff175002 / 0x0185002: 09 != 07
  427. cf8.22f4: Restored 0x8 bytes of original file content at 00007ff8ff175000
  428. cf8.22f4: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
  429. cf8.22f4: 00007ff8fdb36640 / 0x0086640: e0 != 60
  430. cf8.22f4: 00007ff8fdb36641 / 0x0086641: 8e != cc
  431. cf8.22f4: 00007ff8fdb36642 / 0x0086642: ad != 07
  432. cf8.22f4: 00007ff8fdb36643 / 0x0086643: fd != ff
  433. cf8.22f4: 00007ff8fdb36649 / 0x0086649: 91 != cd
  434. cf8.22f4: 00007ff8fdb3664a / 0x008664a: ad != 07
  435. cf8.22f4: 00007ff8fdb3664b / 0x008664b: fd != ff
  436. cf8.22f4: Restored 0x2000 bytes of original file content at 00007ff8fdb36000
  437. cf8.22f4: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
  438. cf8.22f4: 00007ff8fcdac030 / 0x01ec030: 80 != 60
  439. cf8.22f4: 00007ff8fcdac031 / 0x01ec031: db != cc
  440. cf8.22f4: 00007ff8fcdac032 / 0x01ec032: c7 != 07
  441. cf8.22f4: 00007ff8fcdac033 / 0x01ec033: fc != ff
  442. cf8.22f4: 00007ff8fcdac038 / 0x01ec038: 30 != 00
  443. cf8.22f4: 00007ff8fcdac039 / 0x01ec039: df != cd
  444. cf8.22f4: 00007ff8fcdac03a / 0x01ec03a: c7 != 07
  445. cf8.22f4: 00007ff8fcdac03b / 0x01ec03b: fc != ff
  446. cf8.22f4: Restored 0x2000 bytes of original file content at 00007ff8fcdac000
  447. cf8.22f4: supHardNtVpCheckHandles:
  448. cf8.22f4: supHardNtVpCheckHandles: Marked Mutant handle non-inheritable: 0000000000003d80
  449. cf8.22f4: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=6
  450. cf8.22f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  451. cf8.22f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  452. cf8.22f4: supR3HardNtEnableThreadCreationEx:
  453. cf8.22f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ff065c10 pvNtTerminateThread=00007ff8ff08df40
  454. cf8.22f4: supR3HardenedWinDoReSpawn(1): New child 2d2c.3588 [kernel32].
  455. cf8.22f4: supR3HardNtChildGatherData: PebBaseAddress=0000009ff3f3f000 cbPeb=0x388
  456. cf8.22f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8feff0000 uNtDllChildAddr=00007ff8feff0000
  457. cf8.22f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8ff065c10
  458. cf8.22f4: supR3HardenedWinSetupChildInit: Initial context:
  459. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6df31b790 rdx=0000009ff3f3f000
  460. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  461. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  462. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  463. rip=00007ff8ff03cc70 rsp=0000009ff3d9fc48 rbp=0000000000000000 ctxflags=0010001b
  464. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  465. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  466. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  467. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  468. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  469. cf8.22f4: supR3HardenedWinSetupChildInit: Start child.
  470. cf8.22f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  471. cf8.22f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 16 sleeps
  472. cf8.22f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  473. cf8.22f4: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  474. cf8.22f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  475. cf8.22f4: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
  476. cf8.22f4: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
  477. cf8.22f4: 000000007ffe3000-0000009ff3c9ffff 0x0001/0x0000 0x0000000
  478. cf8.22f4: *0000009ff3ca0000-0000009ff3d9afff 0x0000/0x0004 0x0020000
  479. cf8.22f4: 0000009ff3d9b000-0000009ff3d9dfff 0x0104/0x0004 0x0020000
  480. cf8.22f4: 0000009ff3d9e000-0000009ff3d9ffff 0x0004/0x0004 0x0020000
  481. cf8.22f4: 0000009ff3da0000-0000009ff3dfffff 0x0001/0x0000 0x0000000
  482. cf8.22f4: *0000009ff3e00000-0000009ff3f3efff 0x0000/0x0004 0x0020000
  483. cf8.22f4: 0000009ff3f3f000-0000009ff3f41fff 0x0004/0x0004 0x0020000
  484. cf8.22f4: 0000009ff3f42000-0000009ff3ffffff 0x0000/0x0004 0x0020000
  485. cf8.22f4: 0000009ff4000000-000001baf43cffff 0x0001/0x0000 0x0000000
  486. cf8.22f4: *000001baf43d0000-000001baf43effff 0x0004/0x0004 0x0020000
  487. cf8.22f4: *000001baf43f0000-000001baf440cfff 0x0002/0x0002 0x0040000
  488. cf8.22f4: 000001baf440d000-000001baf440ffff 0x0001/0x0000 0x0000000
  489. cf8.22f4: *000001baf4410000-000001baf4413fff 0x0002/0x0002 0x0040000
  490. cf8.22f4: 000001baf4414000-000001baf441ffff 0x0001/0x0000 0x0000000
  491. cf8.22f4: *000001baf4420000-000001baf4420fff 0x0002/0x0002 0x0040000
  492. cf8.22f4: 000001baf4421000-000001baf442ffff 0x0001/0x0000 0x0000000
  493. cf8.22f4: *000001baf4430000-000001baf4431fff 0x0004/0x0004 0x0020000
  494. cf8.22f4: 000001baf4432000-00007df5dfa5ffff 0x0001/0x0000 0x0000000
  495. cf8.22f4: *00007df5dfa60000-00007df5dfa60fff 0x0002/0x0002 0x0040000
  496. cf8.22f4: 00007df5dfa61000-00007df5dfa6ffff 0x0001/0x0000 0x0000000
  497. cf8.22f4: *00007df5dfa70000-00007df5dfa92fff 0x0002/0x0002 0x0040000
  498. cf8.22f4: 00007df5dfa93000-00007df5dfa9ffff 0x0001/0x0000 0x0000000
  499. cf8.22f4: *00007df5dfaa0000-00007df5e15b2fff 0x0000/0x0001 0x0040000
  500. cf8.22f4: 00007df5e15b3000-00007df5e15d4fff 0x0001/0x0001 0x0040000
  501. cf8.22f4: 00007df5e15d5000-00007df5e186afff 0x0000/0x0001 0x0040000
  502. cf8.22f4: 00007df5e186b000-00007df5e186bfff 0x0001/0x0001 0x0040000
  503. cf8.22f4: 00007df5e186c000-00007ff5bb26bfff 0x0000/0x0001 0x0040000
  504. cf8.22f4: 00007ff5bb26c000-00007ff5bb270fff 0x0002/0x0001 0x0040000
  505. cf8.22f4: 00007ff5bb271000-00007ff5c1ff8fff 0x0000/0x0001 0x0040000
  506. cf8.22f4: 00007ff5c1ff9000-00007ff5c3a5efff 0x0001/0x0001 0x0040000
  507. cf8.22f4: 00007ff5c3a5f000-00007ff5c3a67fff 0x0002/0x0001 0x0040000
  508. cf8.22f4: 00007ff5c3a68000-00007ff5dfa9ffff 0x0000/0x0001 0x0040000
  509. cf8.22f4: 00007ff5dfaa0000-00007ff6df30ffff 0x0001/0x0000 0x0000000
  510. cf8.22f4: *00007ff6df310000-00007ff6df310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  511. cf8.22f4: 00007ff6df311000-00007ff6df37bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  512. cf8.22f4: 00007ff6df37c000-00007ff6df37cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  513. cf8.22f4: 00007ff6df37d000-00007ff6df3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  514. cf8.22f4: 00007ff6df3d1000-00007ff6df3d1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  515. cf8.22f4: 00007ff6df3d2000-00007ff6df3d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  516. cf8.22f4: 00007ff6df3d3000-00007ff6df3d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  517. cf8.22f4: 00007ff6df3d8000-00007ff6df3ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  518. cf8.22f4: 00007ff6df3de000-00007ff6df417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  519. cf8.22f4: 00007ff6df418000-00007ff8fefeffff 0x0001/0x0000 0x0000000
  520. cf8.22f4: *00007ff8feff0000-00007ff8feff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  521. cf8.22f4: 00007ff8feff1000-00007ff8ff10cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  522. cf8.22f4: 00007ff8ff10d000-00007ff8ff155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  523. cf8.22f4: 00007ff8ff156000-00007ff8ff161fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  524. cf8.22f4: 00007ff8ff162000-00007ff8ff170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  525. cf8.22f4: 00007ff8ff171000-00007ff8ff171fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  526. cf8.22f4: 00007ff8ff172000-00007ff8ff174fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  527. cf8.22f4: 00007ff8ff175000-00007ff8ff1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  528. cf8.22f4: 00007ff8ff1e8000-00007ffffffeffff 0x0001/0x0000 0x0000000
  529. cf8.22f4: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  530. cf8.22f4: 00007ff6df416b28 / 0x0106b28: 00 != 50
  531. cf8.22f4: 00007ff6df416b29 / 0x0106b29: 00 != 41
  532. cf8.22f4: 00007ff6df416b2a / 0x0106b2a: 00 != 44
  533. cf8.22f4: 00007ff6df416b2b / 0x0106b2b: 00 != 44
  534. cf8.22f4: 00007ff6df416b2c / 0x0106b2c: 00 != 49
  535. cf8.22f4: 00007ff6df416b2d / 0x0106b2d: 00 != 4e
  536. cf8.22f4: 00007ff6df416b2e / 0x0106b2e: 00 != 47
  537. cf8.22f4: 00007ff6df416b2f / 0x0106b2f: 00 != 58
  538. cf8.22f4: 00007ff6df416b30 / 0x0106b30: 00 != 58
  539. cf8.22f4: 00007ff6df416b31 / 0x0106b31: 00 != 50
  540. cf8.22f4: 00007ff6df416b32 / 0x0106b32: 00 != 41
  541. cf8.22f4: 00007ff6df416b33 / 0x0106b33: 00 != 44
  542. cf8.22f4: 00007ff6df416b34 / 0x0106b34: 00 != 44
  543. cf8.22f4: 00007ff6df416b35 / 0x0106b35: 00 != 49
  544. cf8.22f4: 00007ff6df416b36 / 0x0106b36: 00 != 4e
  545. cf8.22f4: 00007ff6df416b37 / 0x0106b37: 00 != 47
  546. cf8.22f4: 00007ff6df416b38 / 0x0106b38: 00 != 50
  547. cf8.22f4: 00007ff6df416b39 / 0x0106b39: 00 != 41
  548. cf8.22f4: 00007ff6df416b3a / 0x0106b3a: 00 != 44
  549. cf8.22f4: 00007ff6df416b3b / 0x0106b3b: 00 != 44
  550. cf8.22f4: 00007ff6df416b3c / 0x0106b3c: 00 != 49
  551. cf8.22f4: 00007ff6df416b3d / 0x0106b3d: 00 != 4e
  552. cf8.22f4: 00007ff6df416b3e / 0x0106b3e: 00 != 47
  553. cf8.22f4: 00007ff6df416b3f / 0x0106b3f: 00 != 58
  554. cf8.22f4: 00007ff6df416b40 / 0x0106b40: 00 != 58
  555. cf8.22f4: 00007ff6df416b41 / 0x0106b41: 00 != 50
  556. cf8.22f4: 00007ff6df416b42 / 0x0106b42: 00 != 41
  557. cf8.22f4: 00007ff6df416b43 / 0x0106b43: 00 != 44
  558. cf8.22f4: 00007ff6df416b44 / 0x0106b44: 00 != 44
  559. cf8.22f4: 00007ff6df416b45 / 0x0106b45: 00 != 49
  560. cf8.22f4: 00007ff6df416b46 / 0x0106b46: 00 != 4e
  561. cf8.22f4: 00007ff6df416b47 / 0x0106b47: 00 != 47
  562. cf8.22f4: 00007ff6df416b48 / 0x0106b48: 00 != 50
  563. cf8.22f4: 00007ff6df416b49 / 0x0106b49: 00 != 41
  564. cf8.22f4: 00007ff6df416b4a / 0x0106b4a: 00 != 44
  565. cf8.22f4: 00007ff6df416b4b / 0x0106b4b: 00 != 44
  566. cf8.22f4: 00007ff6df416b4c / 0x0106b4c: 00 != 49
  567. cf8.22f4: 00007ff6df416b4d / 0x0106b4d: 00 != 4e
  568. cf8.22f4: 00007ff6df416b4e / 0x0106b4e: 00 != 47
  569. cf8.22f4: 00007ff6df416b4f / 0x0106b4f: 00 != 58
  570. cf8.22f4: 00007ff6df416b50 / 0x0106b50: 00 != 58
  571. cf8.22f4: 00007ff6df416b51 / 0x0106b51: 00 != 50
  572. cf8.22f4: 00007ff6df416b52 / 0x0106b52: 00 != 41
  573. cf8.22f4: 00007ff6df416b53 / 0x0106b53: 00 != 44
  574. cf8.22f4: 00007ff6df416b54 / 0x0106b54: 00 != 44
  575. cf8.22f4: 00007ff6df416b55 / 0x0106b55: 00 != 49
  576. cf8.22f4: 00007ff6df416b56 / 0x0106b56: 00 != 4e
  577. cf8.22f4: 00007ff6df416b57 / 0x0106b57: 00 != 47
  578. cf8.22f4: 00007ff6df416b58 / 0x0106b58: 00 != 50
  579. cf8.22f4: 00007ff6df416b59 / 0x0106b59: 00 != 41
  580. cf8.22f4: 00007ff6df416b5a / 0x0106b5a: 00 != 44
  581. cf8.22f4: 00007ff6df416b5b / 0x0106b5b: 00 != 44
  582. cf8.22f4: 00007ff6df416b5c / 0x0106b5c: 00 != 49
  583. cf8.22f4: 00007ff6df416b5d / 0x0106b5d: 00 != 4e
  584. cf8.22f4: 00007ff6df416b5e / 0x0106b5e: 00 != 47
  585. cf8.22f4: 00007ff6df416b5f / 0x0106b5f: 00 != 58
  586. cf8.22f4: 00007ff6df416b60 / 0x0106b60: 00 != 58
  587. cf8.22f4: 00007ff6df416b61 / 0x0106b61: 00 != 50
  588. cf8.22f4: 00007ff6df416b62 / 0x0106b62: 00 != 41
  589. cf8.22f4: 00007ff6df416b63 / 0x0106b63: 00 != 44
  590. cf8.22f4: 00007ff6df416b64 / 0x0106b64: 00 != 44
  591. cf8.22f4: 00007ff6df416b65 / 0x0106b65: 00 != 49
  592. cf8.22f4: 00007ff6df416b66 / 0x0106b66: 00 != 4e
  593. cf8.22f4: 00007ff6df416b67 / 0x0106b67: 00 != 47
  594. cf8.22f4: 00007ff6df416b68 / 0x0106b68: 00 != 50
  595. cf8.22f4: 00007ff6df416b69 / 0x0106b69: 00 != 41
  596. cf8.22f4: 00007ff6df416b6a / 0x0106b6a: 00 != 44
  597. cf8.22f4: 00007ff6df416b6b / 0x0106b6b: 00 != 44
  598. cf8.22f4: 00007ff6df416b6c / 0x0106b6c: 00 != 49
  599. cf8.22f4: 00007ff6df416b6d / 0x0106b6d: 00 != 4e
  600. cf8.22f4: 00007ff6df416b6e / 0x0106b6e: 00 != 47
  601. cf8.22f4: 00007ff6df416b6f / 0x0106b6f: 00 != 58
  602. cf8.22f4: 00007ff6df416b70 / 0x0106b70: 00 != 58
  603. cf8.22f4: 00007ff6df416b71 / 0x0106b71: 00 != 50
  604. cf8.22f4: 00007ff6df416b72 / 0x0106b72: 00 != 41
  605. cf8.22f4: 00007ff6df416b73 / 0x0106b73: 00 != 44
  606. cf8.22f4: 00007ff6df416b74 / 0x0106b74: 00 != 44
  607. cf8.22f4: 00007ff6df416b75 / 0x0106b75: 00 != 49
  608. cf8.22f4: 00007ff6df416b76 / 0x0106b76: 00 != 4e
  609. cf8.22f4: 00007ff6df416b77 / 0x0106b77: 00 != 47
  610. cf8.22f4: 00007ff6df416b78 / 0x0106b78: 00 != 50
  611. cf8.22f4: 00007ff6df416b79 / 0x0106b79: 00 != 41
  612. cf8.22f4: 00007ff6df416b7a / 0x0106b7a: 00 != 44
  613. cf8.22f4: 00007ff6df416b7b / 0x0106b7b: 00 != 44
  614. cf8.22f4: 00007ff6df416b7c / 0x0106b7c: 00 != 49
  615. cf8.22f4: 00007ff6df416b7d / 0x0106b7d: 00 != 4e
  616. cf8.22f4: 00007ff6df416b7e / 0x0106b7e: 00 != 47
  617. cf8.22f4: 00007ff6df416b7f / 0x0106b7f: 00 != 58
  618. cf8.22f4: 00007ff6df416b80 / 0x0106b80: 00 != 58
  619. cf8.22f4: 00007ff6df416b81 / 0x0106b81: 00 != 50
  620. cf8.22f4: 00007ff6df416b82 / 0x0106b82: 00 != 41
  621. cf8.22f4: 00007ff6df416b83 / 0x0106b83: 00 != 44
  622. cf8.22f4: 00007ff6df416b84 / 0x0106b84: 00 != 44
  623. cf8.22f4: 00007ff6df416b85 / 0x0106b85: 00 != 49
  624. cf8.22f4: 00007ff6df416b86 / 0x0106b86: 00 != 4e
  625. cf8.22f4: 00007ff6df416b87 / 0x0106b87: 00 != 47
  626. cf8.22f4: 00007ff6df416b88 / 0x0106b88: 00 != 50
  627. cf8.22f4: 00007ff6df416b89 / 0x0106b89: 00 != 41
  628. cf8.22f4: 00007ff6df416b8a / 0x0106b8a: 00 != 44
  629. cf8.22f4: 00007ff6df416b8b / 0x0106b8b: 00 != 44
  630. cf8.22f4: 00007ff6df416b8c / 0x0106b8c: 00 != 49
  631. cf8.22f4: 00007ff6df416b8d / 0x0106b8d: 00 != 4e
  632. cf8.22f4: 00007ff6df416b8e / 0x0106b8e: 00 != 47
  633. cf8.22f4: 00007ff6df416b8f / 0x0106b8f: 00 != 58
  634. cf8.22f4: 00007ff6df416b90 / 0x0106b90: 00 != 58
  635. cf8.22f4: 00007ff6df416b91 / 0x0106b91: 00 != 50
  636. cf8.22f4: 00007ff6df416b92 / 0x0106b92: 00 != 41
  637. cf8.22f4: 00007ff6df416b93 / 0x0106b93: 00 != 44
  638. cf8.22f4: 00007ff6df416b94 / 0x0106b94: 00 != 44
  639. cf8.22f4: 00007ff6df416b95 / 0x0106b95: 00 != 49
  640. cf8.22f4: 00007ff6df416b96 / 0x0106b96: 00 != 4e
  641. cf8.22f4: 00007ff6df416b97 / 0x0106b97: 00 != 47
  642. cf8.22f4: 00007ff6df416b98 / 0x0106b98: 00 != 50
  643. cf8.22f4: 00007ff6df416b99 / 0x0106b99: 00 != 41
  644. cf8.22f4: 00007ff6df416b9a / 0x0106b9a: 00 != 44
  645. cf8.22f4: 00007ff6df416b9b / 0x0106b9b: 00 != 44
  646. cf8.22f4: 00007ff6df416b9c / 0x0106b9c: 00 != 49
  647. cf8.22f4: 00007ff6df416b9d / 0x0106b9d: 00 != 4e
  648. cf8.22f4: 00007ff6df416b9e / 0x0106b9e: 00 != 47
  649. cf8.22f4: 00007ff6df416b9f / 0x0106b9f: 00 != 58
  650. cf8.22f4: 00007ff6df416ba0 / 0x0106ba0: 00 != 58
  651. cf8.22f4: 00007ff6df416ba1 / 0x0106ba1: 00 != 50
  652. cf8.22f4: 00007ff6df416ba2 / 0x0106ba2: 00 != 41
  653. cf8.22f4: 00007ff6df416ba3 / 0x0106ba3: 00 != 44
  654. cf8.22f4: 00007ff6df416ba4 / 0x0106ba4: 00 != 44
  655. cf8.22f4: 00007ff6df416ba5 / 0x0106ba5: 00 != 49
  656. cf8.22f4: 00007ff6df416ba6 / 0x0106ba6: 00 != 4e
  657. cf8.22f4: 00007ff6df416ba7 / 0x0106ba7: 00 != 47
  658. cf8.22f4: 00007ff6df416ba8 / 0x0106ba8: 00 != 50
  659. cf8.22f4: 00007ff6df416ba9 / 0x0106ba9: 00 != 41
  660. cf8.22f4: 00007ff6df416baa / 0x0106baa: 00 != 44
  661. cf8.22f4: 00007ff6df416bab / 0x0106bab: 00 != 44
  662. cf8.22f4: 00007ff6df416bac / 0x0106bac: 00 != 49
  663. cf8.22f4: 00007ff6df416bad / 0x0106bad: 00 != 4e
  664. cf8.22f4: 00007ff6df416bae / 0x0106bae: 00 != 47
  665. cf8.22f4: 00007ff6df416baf / 0x0106baf: 00 != 58
  666. cf8.22f4: 00007ff6df416bb0 / 0x0106bb0: 00 != 58
  667. cf8.22f4: 00007ff6df416bb1 / 0x0106bb1: 00 != 50
  668. cf8.22f4: 00007ff6df416bb2 / 0x0106bb2: 00 != 41
  669. cf8.22f4: 00007ff6df416bb3 / 0x0106bb3: 00 != 44
  670. cf8.22f4: 00007ff6df416bb4 / 0x0106bb4: 00 != 44
  671. cf8.22f4: 00007ff6df416bb5 / 0x0106bb5: 00 != 49
  672. cf8.22f4: 00007ff6df416bb6 / 0x0106bb6: 00 != 4e
  673. cf8.22f4: 00007ff6df416bb7 / 0x0106bb7: 00 != 47
  674. cf8.22f4: 00007ff6df416bb8 / 0x0106bb8: 00 != 50
  675. cf8.22f4: 00007ff6df416bb9 / 0x0106bb9: 00 != 41
  676. cf8.22f4: 00007ff6df416bba / 0x0106bba: 00 != 44
  677. cf8.22f4: 00007ff6df416bbb / 0x0106bbb: 00 != 44
  678. cf8.22f4: 00007ff6df416bbc / 0x0106bbc: 00 != 49
  679. cf8.22f4: 00007ff6df416bbd / 0x0106bbd: 00 != 4e
  680. cf8.22f4: 00007ff6df416bbe / 0x0106bbe: 00 != 47
  681. cf8.22f4: 00007ff6df416bbf / 0x0106bbf: 00 != 58
  682. cf8.22f4: 00007ff6df416bc0 / 0x0106bc0: 00 != 58
  683. cf8.22f4: 00007ff6df416bc1 / 0x0106bc1: 00 != 50
  684. cf8.22f4: 00007ff6df416bc2 / 0x0106bc2: 00 != 41
  685. cf8.22f4: 00007ff6df416bc3 / 0x0106bc3: 00 != 44
  686. cf8.22f4: 00007ff6df416bc4 / 0x0106bc4: 00 != 44
  687. cf8.22f4: 00007ff6df416bc5 / 0x0106bc5: 00 != 49
  688. cf8.22f4: 00007ff6df416bc6 / 0x0106bc6: 00 != 4e
  689. cf8.22f4: 00007ff6df416bc7 / 0x0106bc7: 00 != 47
  690. cf8.22f4: 00007ff6df416bc8 / 0x0106bc8: 00 != 50
  691. cf8.22f4: 00007ff6df416bc9 / 0x0106bc9: 00 != 41
  692. cf8.22f4: 00007ff6df416bca / 0x0106bca: 00 != 44
  693. cf8.22f4: 00007ff6df416bcb / 0x0106bcb: 00 != 44
  694. cf8.22f4: 00007ff6df416bcc / 0x0106bcc: 00 != 49
  695. cf8.22f4: 00007ff6df416bcd / 0x0106bcd: 00 != 4e
  696. cf8.22f4: 00007ff6df416bce / 0x0106bce: 00 != 47
  697. cf8.22f4: 00007ff6df416bcf / 0x0106bcf: 00 != 58
  698. cf8.22f4: 00007ff6df416bd0 / 0x0106bd0: 00 != 58
  699. cf8.22f4: 00007ff6df416bd1 / 0x0106bd1: 00 != 50
  700. cf8.22f4: 00007ff6df416bd2 / 0x0106bd2: 00 != 41
  701. cf8.22f4: 00007ff6df416bd3 / 0x0106bd3: 00 != 44
  702. cf8.22f4: 00007ff6df416bd4 / 0x0106bd4: 00 != 44
  703. cf8.22f4: 00007ff6df416bd5 / 0x0106bd5: 00 != 49
  704. cf8.22f4: 00007ff6df416bd6 / 0x0106bd6: 00 != 4e
  705. cf8.22f4: 00007ff6df416bd7 / 0x0106bd7: 00 != 47
  706. cf8.22f4: 00007ff6df416bd8 / 0x0106bd8: 00 != 50
  707. cf8.22f4: 00007ff6df416bd9 / 0x0106bd9: 00 != 41
  708. cf8.22f4: 00007ff6df416bda / 0x0106bda: 00 != 44
  709. cf8.22f4: 00007ff6df416bdb / 0x0106bdb: 00 != 44
  710. cf8.22f4: 00007ff6df416bdc / 0x0106bdc: 00 != 49
  711. cf8.22f4: 00007ff6df416bdd / 0x0106bdd: 00 != 4e
  712. cf8.22f4: 00007ff6df416bde / 0x0106bde: 00 != 47
  713. cf8.22f4: 00007ff6df416bdf / 0x0106bdf: 00 != 58
  714. cf8.22f4: 00007ff6df416be0 / 0x0106be0: 00 != 58
  715. cf8.22f4: 00007ff6df416be1 / 0x0106be1: 00 != 50
  716. cf8.22f4: 00007ff6df416be2 / 0x0106be2: 00 != 41
  717. cf8.22f4: 00007ff6df416be3 / 0x0106be3: 00 != 44
  718. cf8.22f4: 00007ff6df416be4 / 0x0106be4: 00 != 44
  719. cf8.22f4: 00007ff6df416be5 / 0x0106be5: 00 != 49
  720. cf8.22f4: 00007ff6df416be6 / 0x0106be6: 00 != 4e
  721. cf8.22f4: 00007ff6df416be7 / 0x0106be7: 00 != 47
  722. cf8.22f4: 00007ff6df416be8 / 0x0106be8: 00 != 50
  723. cf8.22f4: 00007ff6df416be9 / 0x0106be9: 00 != 41
  724. cf8.22f4: 00007ff6df416bea / 0x0106bea: 00 != 44
  725. cf8.22f4: 00007ff6df416beb / 0x0106beb: 00 != 44
  726. cf8.22f4: 00007ff6df416bec / 0x0106bec: 00 != 49
  727. cf8.22f4: 00007ff6df416bed / 0x0106bed: 00 != 4e
  728. cf8.22f4: 00007ff6df416bee / 0x0106bee: 00 != 47
  729. cf8.22f4: 00007ff6df416bef / 0x0106bef: 00 != 58
  730. cf8.22f4: 00007ff6df416bf0 / 0x0106bf0: 00 != 58
  731. cf8.22f4: 00007ff6df416bf1 / 0x0106bf1: 00 != 50
  732. cf8.22f4: 00007ff6df416bf2 / 0x0106bf2: 00 != 41
  733. cf8.22f4: 00007ff6df416bf3 / 0x0106bf3: 00 != 44
  734. cf8.22f4: 00007ff6df416bf4 / 0x0106bf4: 00 != 44
  735. cf8.22f4: 00007ff6df416bf5 / 0x0106bf5: 00 != 49
  736. cf8.22f4: 00007ff6df416bf6 / 0x0106bf6: 00 != 4e
  737. cf8.22f4: 00007ff6df416bf7 / 0x0106bf7: 00 != 47
  738. cf8.22f4: 00007ff6df416bf8 / 0x0106bf8: 00 != 50
  739. cf8.22f4: 00007ff6df416bf9 / 0x0106bf9: 00 != 41
  740. cf8.22f4: 00007ff6df416bfa / 0x0106bfa: 00 != 44
  741. cf8.22f4: 00007ff6df416bfb / 0x0106bfb: 00 != 44
  742. cf8.22f4: 00007ff6df416bfc / 0x0106bfc: 00 != 49
  743. cf8.22f4: 00007ff6df416bfd / 0x0106bfd: 00 != 4e
  744. cf8.22f4: 00007ff6df416bfe / 0x0106bfe: 00 != 47
  745. cf8.22f4: 00007ff6df416bff / 0x0106bff: 00 != 58
  746. cf8.22f4: Restored 0x4d8 bytes of original file content at 00007ff6df416b28
  747. cf8.22f4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
  748. cf8.22f4: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 32 sleeps
  749. cf8.22f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  750. cf8.22f4: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  751. cf8.22f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  752. cf8.22f4: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
  753. cf8.22f4: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
  754. cf8.22f4: 000000007ffe3000-0000009ff3c9ffff 0x0001/0x0000 0x0000000
  755. cf8.22f4: *0000009ff3ca0000-0000009ff3d9afff 0x0000/0x0004 0x0020000
  756. cf8.22f4: 0000009ff3d9b000-0000009ff3d9dfff 0x0104/0x0004 0x0020000
  757. cf8.22f4: 0000009ff3d9e000-0000009ff3d9ffff 0x0004/0x0004 0x0020000
  758. cf8.22f4: 0000009ff3da0000-0000009ff3dfffff 0x0001/0x0000 0x0000000
  759. cf8.22f4: *0000009ff3e00000-0000009ff3f3efff 0x0000/0x0004 0x0020000
  760. cf8.22f4: 0000009ff3f3f000-0000009ff3f41fff 0x0004/0x0004 0x0020000
  761. cf8.22f4: 0000009ff3f42000-0000009ff3ffffff 0x0000/0x0004 0x0020000
  762. cf8.22f4: 0000009ff4000000-000001baf43cffff 0x0001/0x0000 0x0000000
  763. cf8.22f4: *000001baf43d0000-000001baf43effff 0x0004/0x0004 0x0020000
  764. cf8.22f4: *000001baf43f0000-000001baf440cfff 0x0002/0x0002 0x0040000
  765. cf8.22f4: 000001baf440d000-000001baf440ffff 0x0001/0x0000 0x0000000
  766. cf8.22f4: *000001baf4410000-000001baf4413fff 0x0002/0x0002 0x0040000
  767. cf8.22f4: 000001baf4414000-000001baf441ffff 0x0001/0x0000 0x0000000
  768. cf8.22f4: *000001baf4420000-000001baf4420fff 0x0002/0x0002 0x0040000
  769. cf8.22f4: 000001baf4421000-000001baf442ffff 0x0001/0x0000 0x0000000
  770. cf8.22f4: *000001baf4430000-000001baf4431fff 0x0004/0x0004 0x0020000
  771. cf8.22f4: 000001baf4432000-00007df5dfa5ffff 0x0001/0x0000 0x0000000
  772. cf8.22f4: *00007df5dfa60000-00007df5dfa60fff 0x0002/0x0002 0x0040000
  773. cf8.22f4: 00007df5dfa61000-00007df5dfa6ffff 0x0001/0x0000 0x0000000
  774. cf8.22f4: *00007df5dfa70000-00007df5dfa92fff 0x0002/0x0002 0x0040000
  775. cf8.22f4: 00007df5dfa93000-00007df5dfa9ffff 0x0001/0x0000 0x0000000
  776. cf8.22f4: *00007df5dfaa0000-00007df5e15b2fff 0x0000/0x0001 0x0040000
  777. cf8.22f4: 00007df5e15b3000-00007df5e15d4fff 0x0001/0x0001 0x0040000
  778. cf8.22f4: 00007df5e15d5000-00007df5e186afff 0x0000/0x0001 0x0040000
  779. cf8.22f4: 00007df5e186b000-00007df5e186bfff 0x0001/0x0001 0x0040000
  780. cf8.22f4: 00007df5e186c000-00007ff5bb26bfff 0x0000/0x0001 0x0040000
  781. cf8.22f4: 00007ff5bb26c000-00007ff5bb270fff 0x0002/0x0001 0x0040000
  782. cf8.22f4: 00007ff5bb271000-00007ff5c1ff8fff 0x0000/0x0001 0x0040000
  783. cf8.22f4: 00007ff5c1ff9000-00007ff5c3a5efff 0x0001/0x0001 0x0040000
  784. cf8.22f4: 00007ff5c3a5f000-00007ff5c3a67fff 0x0002/0x0001 0x0040000
  785. cf8.22f4: 00007ff5c3a68000-00007ff5dfa9ffff 0x0000/0x0001 0x0040000
  786. cf8.22f4: 00007ff5dfaa0000-00007ff6df30ffff 0x0001/0x0000 0x0000000
  787. cf8.22f4: *00007ff6df310000-00007ff6df310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  788. cf8.22f4: 00007ff6df311000-00007ff6df37bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  789. cf8.22f4: 00007ff6df37c000-00007ff6df37cfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  790. cf8.22f4: 00007ff6df37d000-00007ff6df3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  791. cf8.22f4: 00007ff6df3d1000-00007ff6df3ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  792. cf8.22f4: 00007ff6df3de000-00007ff6df417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  793. cf8.22f4: 00007ff6df418000-00007ff8fefeffff 0x0001/0x0000 0x0000000
  794. cf8.22f4: *00007ff8feff0000-00007ff8feff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  795. cf8.22f4: 00007ff8feff1000-00007ff8ff10cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  796. cf8.22f4: 00007ff8ff10d000-00007ff8ff155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  797. cf8.22f4: 00007ff8ff156000-00007ff8ff159fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  798. cf8.22f4: 00007ff8ff15a000-00007ff8ff15ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  799. cf8.22f4: 00007ff8ff160000-00007ff8ff161fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  800. cf8.22f4: 00007ff8ff162000-00007ff8ff170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  801. cf8.22f4: 00007ff8ff171000-00007ff8ff171fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  802. cf8.22f4: 00007ff8ff172000-00007ff8ff174fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  803. cf8.22f4: 00007ff8ff175000-00007ff8ff1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  804. cf8.22f4: 00007ff8ff1e8000-00007ffffffeffff 0x0001/0x0000 0x0000000
  805. cf8.22f4: supR3HardNtChildPurify: Done after 794 ms and 1 fixes (loop #1).
  806. 2d2c.3588: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8feff0000 g_uNtVerCombined=0xa04a6500 (stack ~0000009ff3d9ea20)
  807. 2d2c.3588: ntdll.dll: timestamp 0x688f8c4b (rc=VINF_SUCCESS)
  808. 2d2c.3588: New simple heap: #1 000001baf4540000 LB 0x400000 (for 2064384 allocation)
  809. cf8.22f4: supR3HardNtEnableThreadCreationEx:
  810. 2d2c.3588: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  811. 2d2c.3588: System32: \Device\HarddiskVolume4\Windows\System32
  812. 2d2c.3588: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  813. 2d2c.3588: KnownDllPath: C:\WINDOWS\System32
  814. 2d2c.3588: supR3HardenedVmProcessInit: Opening vboxsup stub...
  815. 2d2c.3588: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  816. 2d2c.3588: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  817. 2d2c.3588: Registered Dll notification callback with NTDLL.
  818. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  819. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  820. 2d2c.3588: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  821. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff8fcbc0000 LB 0x002fe000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  822. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  823. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  824. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff8fdab0000 LB 0x000c2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  825. 2d2c.3588: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  826. 2d2c.3588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'C:\WINDOWS\System32\KERNEL32.DLL'
  827. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff6df310000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
  828. 2d2c.3588: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  829. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  830. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  831. 2d2c.3588: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ff065c10 pvNtTerminateThread=00007ff8ff08df40
  832. cf8.22f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 158 ms.
  833. 2d2c.3588: \SystemRoot\System32\ntdll.dll:
  834. 2d2c.3588: CreationTime: 2024-10-11T12:47:43.281861700Z
  835. 2d2c.3588: LastWriteTime: 2024-10-11T12:47:43.501863200Z
  836. 2d2c.3588: ChangeTime: 2024-12-11T17:56:48.666723500Z
  837. 2d2c.3588: FileAttributes: 0x20
  838. 2d2c.3588: Size: 0x1ef640
  839. 2d2c.3588: NT Headers: 0xe8
  840. 2d2c.3588: Timestamp: 0x688f8c4b
  841. 2d2c.3588: Machine: 0x8664 - amd64
  842. 2d2c.3588: Timestamp: 0x688f8c4b
  843. 2d2c.3588: Image Version: 10.0
  844. 2d2c.3588: SizeOfImage: 0x1f8000 (2064384)
  845. 2d2c.3588: Resource Dir: 0x186000 LB 0x70508
  846. 2d2c.3588: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  847. 2d2c.3588: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  848. 2d2c.3588: ProductName: Microsoft® Windows® Operating System
  849. 2d2c.3588: ProductVersion: 10.0.19041.5007
  850. 2d2c.3588: FileVersion: 10.0.19041.5007 (WinBuild.160101.0800)
  851. 2d2c.3588: FileDescription: NT Layer DLL
  852. 2d2c.3588: \SystemRoot\System32\kernel32.dll:
  853. 2d2c.3588: CreationTime: 2024-11-23T10:20:52.028834300Z
  854. 2d2c.3588: LastWriteTime: 2024-11-23T10:20:52.083382400Z
  855. 2d2c.3588: ChangeTime: 2024-12-11T17:56:49.046712700Z
  856. 2d2c.3588: FileAttributes: 0x20
  857. 2d2c.3588: Size: 0xbf588
  858. 2d2c.3588: NT Headers: 0xf8
  859. 2d2c.3588: Timestamp: 0x87803e41
  860. 2d2c.3588: Machine: 0x8664 - amd64
  861. 2d2c.3588: Timestamp: 0x87803e41
  862. 2d2c.3588: Image Version: 10.0
  863. 2d2c.3588: SizeOfImage: 0xc2000 (794624)
  864. 2d2c.3588: Resource Dir: 0xc0000 LB 0x520
  865. 2d2c.3588: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  866. 2d2c.3588: [Raw version resource data: 0xc00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  867. 2d2c.3588: ProductName: Microsoft® Windows® Operating System
  868. 2d2c.3588: ProductVersion: 10.0.19041.5198
  869. 2d2c.3588: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  870. 2d2c.3588: FileDescription: Windows NT BASE API Client DLL
  871. 2d2c.3588: \SystemRoot\System32\KernelBase.dll:
  872. 2d2c.3588: CreationTime: 2024-11-23T10:20:30.424984400Z
  873. 2d2c.3588: LastWriteTime: 2024-11-23T10:20:30.950571900Z
  874. 2d2c.3588: ChangeTime: 2024-12-11T17:56:48.696719300Z
  875. 2d2c.3588: FileAttributes: 0x20
  876. 2d2c.3588: Size: 0x2ff3c8
  877. 2d2c.3588: NT Headers: 0x100
  878. 2d2c.3588: Timestamp: 0xd1eefc71
  879. 2d2c.3588: Machine: 0x8664 - amd64
  880. 2d2c.3588: Timestamp: 0xd1eefc71
  881. 2d2c.3588: Image Version: 10.0
  882. 2d2c.3588: SizeOfImage: 0x2fe000 (3137536)
  883. 2d2c.3588: Resource Dir: 0x2d4000 LB 0x548
  884. 2d2c.3588: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  885. 2d2c.3588: [Raw version resource data: 0x2d40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  886. 2d2c.3588: ProductName: Microsoft® Windows® Operating System
  887. 2d2c.3588: ProductVersion: 10.0.19041.5198
  888. 2d2c.3588: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  889. 2d2c.3588: FileDescription: Windows NT BASE API Client DLL
  890. 2d2c.3588: \SystemRoot\System32\apisetschema.dll:
  891. 2d2c.3588: CreationTime: 2024-01-27T16:00:25.927257100Z
  892. 2d2c.3588: LastWriteTime: 2024-01-27T16:00:25.974090700Z
  893. 2d2c.3588: ChangeTime: 2024-12-11T17:56:34.404205000Z
  894. 2d2c.3588: FileAttributes: 0x20
  895. 2d2c.3588: Size: 0x1f970
  896. 2d2c.3588: NT Headers: 0xd0
  897. 2d2c.3588: Timestamp: 0x818769b5
  898. 2d2c.3588: Machine: 0x8664 - amd64
  899. 2d2c.3588: Timestamp: 0x818769b5
  900. 2d2c.3588: Image Version: 10.0
  901. 2d2c.3588: SizeOfImage: 0x20000 (131072)
  902. 2d2c.3588: Resource Dir: 0x1f000 LB 0x408
  903. 2d2c.3588: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  904. 2d2c.3588: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  905. 2d2c.3588: ProductName: Microsoft® Windows® Operating System
  906. 2d2c.3588: ProductVersion: 10.0.19041.3996
  907. 2d2c.3588: FileVersion: 10.0.19041.3996 (WinBuild.160101.0800)
  908. 2d2c.3588: FileDescription: ApiSet Schema DLL
  909. 2d2c.3588: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  910. 2d2c.3588: supR3HardenedWinFindAdversaries: 0x0
  911. 2d2c.3588: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  912. 2d2c.3588: Calling main()
  913. 2d2c.3588: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  914. 2d2c.3588: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  915. 2d2c.3588: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  916. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  917. 2d2c.3588: SUPR3HardenedMain: Respawn #2
  918. 2d2c.3588: supR3HardNtEnableThreadCreationEx:
  919. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff8febc0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
  920. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
  921. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  922. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff8fca10000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
  923. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
  924. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  925. 2d2c.3588: supR3HardenedDllNotificationCallback: load 00007ff8fecf0000 LB 0x0009f000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
  926. 2d2c.3588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
  927. 2d2c.3588: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
  928. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
  929. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
  930. 2d2c.3588: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  931. 2d2c.3588: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
  932. 2d2c.3588: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  933. 2d2c.3588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  934. 2d2c.3588: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  935. 2d2c.3588: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  936. 2d2c.3588: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  937. 2d2c.3588: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  938. 2d2c.3588: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  939. 2d2c.3588: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  940. 2d2c.3588: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feff0000 'C:\WINDOWS\System32\ntdll.dll'
  941. 2d2c.3588: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ff065c10 pvNtTerminateThread=00007ff8ff08df40
  942. 2d2c.3588: supR3HardenedWinDoReSpawn(2): New child 26cc.3a0 [kernel32].
  943. 2d2c.3588: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  944. 2d2c.3588: supR3HardNtChildGatherData: PebBaseAddress=0000000568414000 cbPeb=0x388
  945. 2d2c.3588: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8feff0000 uNtDllChildAddr=00007ff8feff0000
  946. 2d2c.3588: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8ff065c10
  947. 2d2c.3588: supR3HardenedWinSetupChildInit: Initial context:
  948. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6df31b790 rdx=0000000568414000
  949. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  950. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  951. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  952. rip=00007ff8ff03cc70 rsp=000000056833fc88 rbp=0000000000000000 ctxflags=0010001b
  953. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  954. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  955. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  956. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  957. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  958. 2d2c.3588: kernel32.dll: timestamp 0x87803e41 (rc=VINF_SUCCESS)
  959. 2d2c.3588: supR3HardenedWinSetupChildInit: Start child.
  960. 2d2c.3588: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
  961. 2d2c.3588: supR3HardNtChildPurify: Startup delay kludge #1/0: 273 ms, 16 sleeps
  962. 2d2c.3588: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  963. 2d2c.3588: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  964. 2d2c.3588: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  965. 2d2c.3588: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
  966. 2d2c.3588: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
  967. 2d2c.3588: 000000007ffe3000-000000056823ffff 0x0001/0x0000 0x0000000
  968. 2d2c.3588: *0000000568240000-000000056833afff 0x0000/0x0004 0x0020000
  969. 2d2c.3588: 000000056833b000-000000056833dfff 0x0104/0x0004 0x0020000
  970. 2d2c.3588: 000000056833e000-000000056833ffff 0x0004/0x0004 0x0020000
  971. 2d2c.3588: 0000000568340000-00000005683fffff 0x0001/0x0000 0x0000000
  972. 2d2c.3588: *0000000568400000-0000000568413fff 0x0000/0x0004 0x0020000
  973. 2d2c.3588: 0000000568414000-0000000568416fff 0x0004/0x0004 0x0020000
  974. 2d2c.3588: 0000000568417000-00000005685fffff 0x0000/0x0004 0x0020000
  975. 2d2c.3588: 0000000568600000-000001b19d93ffff 0x0001/0x0000 0x0000000
  976. 2d2c.3588: *000001b19d940000-000001b19d95ffff 0x0004/0x0004 0x0020000
  977. 2d2c.3588: *000001b19d960000-000001b19d97cfff 0x0002/0x0002 0x0040000
  978. 2d2c.3588: 000001b19d97d000-000001b19d97ffff 0x0001/0x0000 0x0000000
  979. 2d2c.3588: *000001b19d980000-000001b19d983fff 0x0002/0x0002 0x0040000
  980. 2d2c.3588: 000001b19d984000-000001b19d98ffff 0x0001/0x0000 0x0000000
  981. 2d2c.3588: *000001b19d990000-000001b19d990fff 0x0002/0x0002 0x0040000
  982. 2d2c.3588: 000001b19d991000-000001b19d99ffff 0x0001/0x0000 0x0000000
  983. 2d2c.3588: *000001b19d9a0000-000001b19d9a1fff 0x0004/0x0004 0x0020000
  984. 2d2c.3588: 000001b19d9a2000-00007df50028ffff 0x0001/0x0000 0x0000000
  985. 2d2c.3588: *00007df500290000-00007df500290fff 0x0002/0x0002 0x0040000
  986. 2d2c.3588: 00007df500291000-00007df50029ffff 0x0001/0x0000 0x0000000
  987. 2d2c.3588: *00007df5002a0000-00007df5002c2fff 0x0002/0x0002 0x0040000
  988. 2d2c.3588: 00007df5002c3000-00007df5002cffff 0x0001/0x0000 0x0000000
  989. 2d2c.3588: *00007df5002d0000-00007df501de2fff 0x0000/0x0001 0x0040000
  990. 2d2c.3588: 00007df501de3000-00007df501e04fff 0x0001/0x0001 0x0040000
  991. 2d2c.3588: 00007df501e05000-00007df50209afff 0x0000/0x0001 0x0040000
  992. 2d2c.3588: 00007df50209b000-00007df50209bfff 0x0001/0x0001 0x0040000
  993. 2d2c.3588: 00007df50209c000-00007ff4dba9bfff 0x0000/0x0001 0x0040000
  994. 2d2c.3588: 00007ff4dba9c000-00007ff4dbaa0fff 0x0002/0x0001 0x0040000
  995. 2d2c.3588: 00007ff4dbaa1000-00007ff4e2828fff 0x0000/0x0001 0x0040000
  996. 2d2c.3588: 00007ff4e2829000-00007ff4e428efff 0x0001/0x0001 0x0040000
  997. 2d2c.3588: 00007ff4e428f000-00007ff4e4297fff 0x0002/0x0001 0x0040000
  998. 2d2c.3588: 00007ff4e4298000-00007ff5002cffff 0x0000/0x0001 0x0040000
  999. 2d2c.3588: 00007ff5002d0000-00007ff6df30ffff 0x0001/0x0000 0x0000000
  1000. 2d2c.3588: *00007ff6df310000-00007ff6df310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1001. 2d2c.3588: 00007ff6df311000-00007ff6df37bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1002. 2d2c.3588: 00007ff6df37c000-00007ff6df37cfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1003. 2d2c.3588: 00007ff6df37d000-00007ff6df3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1004. 2d2c.3588: 00007ff6df3d1000-00007ff6df3d1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1005. 2d2c.3588: 00007ff6df3d2000-00007ff6df3d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1006. 2d2c.3588: 00007ff6df3d3000-00007ff6df3d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1007. 2d2c.3588: 00007ff6df3d8000-00007ff6df3ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1008. 2d2c.3588: 00007ff6df3de000-00007ff6df417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1009. 2d2c.3588: 00007ff6df418000-00007ff8fefeffff 0x0001/0x0000 0x0000000
  1010. 2d2c.3588: *00007ff8feff0000-00007ff8feff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1011. 2d2c.3588: 00007ff8feff1000-00007ff8ff10cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1012. 2d2c.3588: 00007ff8ff10d000-00007ff8ff155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1013. 2d2c.3588: 00007ff8ff156000-00007ff8ff161fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1014. 2d2c.3588: 00007ff8ff162000-00007ff8ff170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1015. 2d2c.3588: 00007ff8ff171000-00007ff8ff171fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1016. 2d2c.3588: 00007ff8ff172000-00007ff8ff174fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1017. 2d2c.3588: 00007ff8ff175000-00007ff8ff1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1018. 2d2c.3588: 00007ff8ff1e8000-00007ffffffeffff 0x0001/0x0000 0x0000000
  1019. 2d2c.3588: VirtualBoxVM.exe: timestamp 0x670807b4 (rc=VINF_SUCCESS)
  1020. 2d2c.3588: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1021. 2d2c.3588: VirtualBoxVM.exe: Differences in section #8 (.rsrc) between file and memory:
  1022. 2d2c.3588: 00007ff6df416b28 / 0x0106b28: 00 != 50
  1023. 2d2c.3588: 00007ff6df416b29 / 0x0106b29: 00 != 41
  1024. 2d2c.3588: 00007ff6df416b2a / 0x0106b2a: 00 != 44
  1025. 2d2c.3588: 00007ff6df416b2b / 0x0106b2b: 00 != 44
  1026. 2d2c.3588: 00007ff6df416b2c / 0x0106b2c: 00 != 49
  1027. 2d2c.3588: 00007ff6df416b2d / 0x0106b2d: 00 != 4e
  1028. 2d2c.3588: 00007ff6df416b2e / 0x0106b2e: 00 != 47
  1029. 2d2c.3588: 00007ff6df416b2f / 0x0106b2f: 00 != 58
  1030. 2d2c.3588: 00007ff6df416b30 / 0x0106b30: 00 != 58
  1031. 2d2c.3588: 00007ff6df416b31 / 0x0106b31: 00 != 50
  1032. 2d2c.3588: 00007ff6df416b32 / 0x0106b32: 00 != 41
  1033. 2d2c.3588: 00007ff6df416b33 / 0x0106b33: 00 != 44
  1034. 2d2c.3588: 00007ff6df416b34 / 0x0106b34: 00 != 44
  1035. 2d2c.3588: 00007ff6df416b35 / 0x0106b35: 00 != 49
  1036. 2d2c.3588: 00007ff6df416b36 / 0x0106b36: 00 != 4e
  1037. 2d2c.3588: 00007ff6df416b37 / 0x0106b37: 00 != 47
  1038. 2d2c.3588: 00007ff6df416b38 / 0x0106b38: 00 != 50
  1039. 2d2c.3588: 00007ff6df416b39 / 0x0106b39: 00 != 41
  1040. 2d2c.3588: 00007ff6df416b3a / 0x0106b3a: 00 != 44
  1041. 2d2c.3588: 00007ff6df416b3b / 0x0106b3b: 00 != 44
  1042. 2d2c.3588: 00007ff6df416b3c / 0x0106b3c: 00 != 49
  1043. 2d2c.3588: 00007ff6df416b3d / 0x0106b3d: 00 != 4e
  1044. 2d2c.3588: 00007ff6df416b3e / 0x0106b3e: 00 != 47
  1045. 2d2c.3588: 00007ff6df416b3f / 0x0106b3f: 00 != 58
  1046. 2d2c.3588: 00007ff6df416b40 / 0x0106b40: 00 != 58
  1047. 2d2c.3588: 00007ff6df416b41 / 0x0106b41: 00 != 50
  1048. 2d2c.3588: 00007ff6df416b42 / 0x0106b42: 00 != 41
  1049. 2d2c.3588: 00007ff6df416b43 / 0x0106b43: 00 != 44
  1050. 2d2c.3588: 00007ff6df416b44 / 0x0106b44: 00 != 44
  1051. 2d2c.3588: 00007ff6df416b45 / 0x0106b45: 00 != 49
  1052. 2d2c.3588: 00007ff6df416b46 / 0x0106b46: 00 != 4e
  1053. 2d2c.3588: 00007ff6df416b47 / 0x0106b47: 00 != 47
  1054. 2d2c.3588: 00007ff6df416b48 / 0x0106b48: 00 != 50
  1055. 2d2c.3588: 00007ff6df416b49 / 0x0106b49: 00 != 41
  1056. 2d2c.3588: 00007ff6df416b4a / 0x0106b4a: 00 != 44
  1057. 2d2c.3588: 00007ff6df416b4b / 0x0106b4b: 00 != 44
  1058. 2d2c.3588: 00007ff6df416b4c / 0x0106b4c: 00 != 49
  1059. 2d2c.3588: 00007ff6df416b4d / 0x0106b4d: 00 != 4e
  1060. 2d2c.3588: 00007ff6df416b4e / 0x0106b4e: 00 != 47
  1061. 2d2c.3588: 00007ff6df416b4f / 0x0106b4f: 00 != 58
  1062. 2d2c.3588: 00007ff6df416b50 / 0x0106b50: 00 != 58
  1063. 2d2c.3588: 00007ff6df416b51 / 0x0106b51: 00 != 50
  1064. 2d2c.3588: 00007ff6df416b52 / 0x0106b52: 00 != 41
  1065. 2d2c.3588: 00007ff6df416b53 / 0x0106b53: 00 != 44
  1066. 2d2c.3588: 00007ff6df416b54 / 0x0106b54: 00 != 44
  1067. 2d2c.3588: 00007ff6df416b55 / 0x0106b55: 00 != 49
  1068. 2d2c.3588: 00007ff6df416b56 / 0x0106b56: 00 != 4e
  1069. 2d2c.3588: 00007ff6df416b57 / 0x0106b57: 00 != 47
  1070. 2d2c.3588: 00007ff6df416b58 / 0x0106b58: 00 != 50
  1071. 2d2c.3588: 00007ff6df416b59 / 0x0106b59: 00 != 41
  1072. 2d2c.3588: 00007ff6df416b5a / 0x0106b5a: 00 != 44
  1073. 2d2c.3588: 00007ff6df416b5b / 0x0106b5b: 00 != 44
  1074. 2d2c.3588: 00007ff6df416b5c / 0x0106b5c: 00 != 49
  1075. 2d2c.3588: 00007ff6df416b5d / 0x0106b5d: 00 != 4e
  1076. 2d2c.3588: 00007ff6df416b5e / 0x0106b5e: 00 != 47
  1077. 2d2c.3588: 00007ff6df416b5f / 0x0106b5f: 00 != 58
  1078. 2d2c.3588: 00007ff6df416b60 / 0x0106b60: 00 != 58
  1079. 2d2c.3588: 00007ff6df416b61 / 0x0106b61: 00 != 50
  1080. 2d2c.3588: 00007ff6df416b62 / 0x0106b62: 00 != 41
  1081. 2d2c.3588: 00007ff6df416b63 / 0x0106b63: 00 != 44
  1082. 2d2c.3588: 00007ff6df416b64 / 0x0106b64: 00 != 44
  1083. 2d2c.3588: 00007ff6df416b65 / 0x0106b65: 00 != 49
  1084. 2d2c.3588: 00007ff6df416b66 / 0x0106b66: 00 != 4e
  1085. 2d2c.3588: 00007ff6df416b67 / 0x0106b67: 00 != 47
  1086. 2d2c.3588: 00007ff6df416b68 / 0x0106b68: 00 != 50
  1087. 2d2c.3588: 00007ff6df416b69 / 0x0106b69: 00 != 41
  1088. 2d2c.3588: 00007ff6df416b6a / 0x0106b6a: 00 != 44
  1089. 2d2c.3588: 00007ff6df416b6b / 0x0106b6b: 00 != 44
  1090. 2d2c.3588: 00007ff6df416b6c / 0x0106b6c: 00 != 49
  1091. 2d2c.3588: 00007ff6df416b6d / 0x0106b6d: 00 != 4e
  1092. 2d2c.3588: 00007ff6df416b6e / 0x0106b6e: 00 != 47
  1093. 2d2c.3588: 00007ff6df416b6f / 0x0106b6f: 00 != 58
  1094. 2d2c.3588: 00007ff6df416b70 / 0x0106b70: 00 != 58
  1095. 2d2c.3588: 00007ff6df416b71 / 0x0106b71: 00 != 50
  1096. 2d2c.3588: 00007ff6df416b72 / 0x0106b72: 00 != 41
  1097. 2d2c.3588: 00007ff6df416b73 / 0x0106b73: 00 != 44
  1098. 2d2c.3588: 00007ff6df416b74 / 0x0106b74: 00 != 44
  1099. 2d2c.3588: 00007ff6df416b75 / 0x0106b75: 00 != 49
  1100. 2d2c.3588: 00007ff6df416b76 / 0x0106b76: 00 != 4e
  1101. 2d2c.3588: 00007ff6df416b77 / 0x0106b77: 00 != 47
  1102. 2d2c.3588: 00007ff6df416b78 / 0x0106b78: 00 != 50
  1103. 2d2c.3588: 00007ff6df416b79 / 0x0106b79: 00 != 41
  1104. 2d2c.3588: 00007ff6df416b7a / 0x0106b7a: 00 != 44
  1105. 2d2c.3588: 00007ff6df416b7b / 0x0106b7b: 00 != 44
  1106. 2d2c.3588: 00007ff6df416b7c / 0x0106b7c: 00 != 49
  1107. 2d2c.3588: 00007ff6df416b7d / 0x0106b7d: 00 != 4e
  1108. 2d2c.3588: 00007ff6df416b7e / 0x0106b7e: 00 != 47
  1109. 2d2c.3588: 00007ff6df416b7f / 0x0106b7f: 00 != 58
  1110. 2d2c.3588: 00007ff6df416b80 / 0x0106b80: 00 != 58
  1111. 2d2c.3588: 00007ff6df416b81 / 0x0106b81: 00 != 50
  1112. 2d2c.3588: 00007ff6df416b82 / 0x0106b82: 00 != 41
  1113. 2d2c.3588: 00007ff6df416b83 / 0x0106b83: 00 != 44
  1114. 2d2c.3588: 00007ff6df416b84 / 0x0106b84: 00 != 44
  1115. 2d2c.3588: 00007ff6df416b85 / 0x0106b85: 00 != 49
  1116. 2d2c.3588: 00007ff6df416b86 / 0x0106b86: 00 != 4e
  1117. 2d2c.3588: 00007ff6df416b87 / 0x0106b87: 00 != 47
  1118. 2d2c.3588: 00007ff6df416b88 / 0x0106b88: 00 != 50
  1119. 2d2c.3588: 00007ff6df416b89 / 0x0106b89: 00 != 41
  1120. 2d2c.3588: 00007ff6df416b8a / 0x0106b8a: 00 != 44
  1121. 2d2c.3588: 00007ff6df416b8b / 0x0106b8b: 00 != 44
  1122. 2d2c.3588: 00007ff6df416b8c / 0x0106b8c: 00 != 49
  1123. 2d2c.3588: 00007ff6df416b8d / 0x0106b8d: 00 != 4e
  1124. 2d2c.3588: 00007ff6df416b8e / 0x0106b8e: 00 != 47
  1125. 2d2c.3588: 00007ff6df416b8f / 0x0106b8f: 00 != 58
  1126. 2d2c.3588: 00007ff6df416b90 / 0x0106b90: 00 != 58
  1127. 2d2c.3588: 00007ff6df416b91 / 0x0106b91: 00 != 50
  1128. 2d2c.3588: 00007ff6df416b92 / 0x0106b92: 00 != 41
  1129. 2d2c.3588: 00007ff6df416b93 / 0x0106b93: 00 != 44
  1130. 2d2c.3588: 00007ff6df416b94 / 0x0106b94: 00 != 44
  1131. 2d2c.3588: 00007ff6df416b95 / 0x0106b95: 00 != 49
  1132. 2d2c.3588: 00007ff6df416b96 / 0x0106b96: 00 != 4e
  1133. 2d2c.3588: 00007ff6df416b97 / 0x0106b97: 00 != 47
  1134. 2d2c.3588: 00007ff6df416b98 / 0x0106b98: 00 != 50
  1135. 2d2c.3588: 00007ff6df416b99 / 0x0106b99: 00 != 41
  1136. 2d2c.3588: 00007ff6df416b9a / 0x0106b9a: 00 != 44
  1137. 2d2c.3588: 00007ff6df416b9b / 0x0106b9b: 00 != 44
  1138. 2d2c.3588: 00007ff6df416b9c / 0x0106b9c: 00 != 49
  1139. 2d2c.3588: 00007ff6df416b9d / 0x0106b9d: 00 != 4e
  1140. 2d2c.3588: 00007ff6df416b9e / 0x0106b9e: 00 != 47
  1141. 2d2c.3588: 00007ff6df416b9f / 0x0106b9f: 00 != 58
  1142. 2d2c.3588: 00007ff6df416ba0 / 0x0106ba0: 00 != 58
  1143. 2d2c.3588: 00007ff6df416ba1 / 0x0106ba1: 00 != 50
  1144. 2d2c.3588: 00007ff6df416ba2 / 0x0106ba2: 00 != 41
  1145. 2d2c.3588: 00007ff6df416ba3 / 0x0106ba3: 00 != 44
  1146. 2d2c.3588: 00007ff6df416ba4 / 0x0106ba4: 00 != 44
  1147. 2d2c.3588: 00007ff6df416ba5 / 0x0106ba5: 00 != 49
  1148. 2d2c.3588: 00007ff6df416ba6 / 0x0106ba6: 00 != 4e
  1149. 2d2c.3588: 00007ff6df416ba7 / 0x0106ba7: 00 != 47
  1150. 2d2c.3588: 00007ff6df416ba8 / 0x0106ba8: 00 != 50
  1151. 2d2c.3588: 00007ff6df416ba9 / 0x0106ba9: 00 != 41
  1152. 2d2c.3588: 00007ff6df416baa / 0x0106baa: 00 != 44
  1153. 2d2c.3588: 00007ff6df416bab / 0x0106bab: 00 != 44
  1154. 2d2c.3588: 00007ff6df416bac / 0x0106bac: 00 != 49
  1155. 2d2c.3588: 00007ff6df416bad / 0x0106bad: 00 != 4e
  1156. 2d2c.3588: 00007ff6df416bae / 0x0106bae: 00 != 47
  1157. 2d2c.3588: 00007ff6df416baf / 0x0106baf: 00 != 58
  1158. 2d2c.3588: 00007ff6df416bb0 / 0x0106bb0: 00 != 58
  1159. 2d2c.3588: 00007ff6df416bb1 / 0x0106bb1: 00 != 50
  1160. 2d2c.3588: 00007ff6df416bb2 / 0x0106bb2: 00 != 41
  1161. 2d2c.3588: 00007ff6df416bb3 / 0x0106bb3: 00 != 44
  1162. 2d2c.3588: 00007ff6df416bb4 / 0x0106bb4: 00 != 44
  1163. 2d2c.3588: 00007ff6df416bb5 / 0x0106bb5: 00 != 49
  1164. 2d2c.3588: 00007ff6df416bb6 / 0x0106bb6: 00 != 4e
  1165. 2d2c.3588: 00007ff6df416bb7 / 0x0106bb7: 00 != 47
  1166. 2d2c.3588: 00007ff6df416bb8 / 0x0106bb8: 00 != 50
  1167. 2d2c.3588: 00007ff6df416bb9 / 0x0106bb9: 00 != 41
  1168. 2d2c.3588: 00007ff6df416bba / 0x0106bba: 00 != 44
  1169. 2d2c.3588: 00007ff6df416bbb / 0x0106bbb: 00 != 44
  1170. 2d2c.3588: 00007ff6df416bbc / 0x0106bbc: 00 != 49
  1171. 2d2c.3588: 00007ff6df416bbd / 0x0106bbd: 00 != 4e
  1172. 2d2c.3588: 00007ff6df416bbe / 0x0106bbe: 00 != 47
  1173. 2d2c.3588: 00007ff6df416bbf / 0x0106bbf: 00 != 58
  1174. 2d2c.3588: 00007ff6df416bc0 / 0x0106bc0: 00 != 58
  1175. 2d2c.3588: 00007ff6df416bc1 / 0x0106bc1: 00 != 50
  1176. 2d2c.3588: 00007ff6df416bc2 / 0x0106bc2: 00 != 41
  1177. 2d2c.3588: 00007ff6df416bc3 / 0x0106bc3: 00 != 44
  1178. 2d2c.3588: 00007ff6df416bc4 / 0x0106bc4: 00 != 44
  1179. 2d2c.3588: 00007ff6df416bc5 / 0x0106bc5: 00 != 49
  1180. 2d2c.3588: 00007ff6df416bc6 / 0x0106bc6: 00 != 4e
  1181. 2d2c.3588: 00007ff6df416bc7 / 0x0106bc7: 00 != 47
  1182. 2d2c.3588: 00007ff6df416bc8 / 0x0106bc8: 00 != 50
  1183. 2d2c.3588: 00007ff6df416bc9 / 0x0106bc9: 00 != 41
  1184. 2d2c.3588: 00007ff6df416bca / 0x0106bca: 00 != 44
  1185. 2d2c.3588: 00007ff6df416bcb / 0x0106bcb: 00 != 44
  1186. 2d2c.3588: 00007ff6df416bcc / 0x0106bcc: 00 != 49
  1187. 2d2c.3588: 00007ff6df416bcd / 0x0106bcd: 00 != 4e
  1188. 2d2c.3588: 00007ff6df416bce / 0x0106bce: 00 != 47
  1189. 2d2c.3588: 00007ff6df416bcf / 0x0106bcf: 00 != 58
  1190. 2d2c.3588: 00007ff6df416bd0 / 0x0106bd0: 00 != 58
  1191. 2d2c.3588: 00007ff6df416bd1 / 0x0106bd1: 00 != 50
  1192. 2d2c.3588: 00007ff6df416bd2 / 0x0106bd2: 00 != 41
  1193. 2d2c.3588: 00007ff6df416bd3 / 0x0106bd3: 00 != 44
  1194. 2d2c.3588: 00007ff6df416bd4 / 0x0106bd4: 00 != 44
  1195. 2d2c.3588: 00007ff6df416bd5 / 0x0106bd5: 00 != 49
  1196. 2d2c.3588: 00007ff6df416bd6 / 0x0106bd6: 00 != 4e
  1197. 2d2c.3588: 00007ff6df416bd7 / 0x0106bd7: 00 != 47
  1198. 2d2c.3588: 00007ff6df416bd8 / 0x0106bd8: 00 != 50
  1199. 2d2c.3588: 00007ff6df416bd9 / 0x0106bd9: 00 != 41
  1200. 2d2c.3588: 00007ff6df416bda / 0x0106bda: 00 != 44
  1201. 2d2c.3588: 00007ff6df416bdb / 0x0106bdb: 00 != 44
  1202. 2d2c.3588: 00007ff6df416bdc / 0x0106bdc: 00 != 49
  1203. 2d2c.3588: 00007ff6df416bdd / 0x0106bdd: 00 != 4e
  1204. 2d2c.3588: 00007ff6df416bde / 0x0106bde: 00 != 47
  1205. 2d2c.3588: 00007ff6df416bdf / 0x0106bdf: 00 != 58
  1206. 2d2c.3588: 00007ff6df416be0 / 0x0106be0: 00 != 58
  1207. 2d2c.3588: 00007ff6df416be1 / 0x0106be1: 00 != 50
  1208. 2d2c.3588: 00007ff6df416be2 / 0x0106be2: 00 != 41
  1209. 2d2c.3588: 00007ff6df416be3 / 0x0106be3: 00 != 44
  1210. 2d2c.3588: 00007ff6df416be4 / 0x0106be4: 00 != 44
  1211. 2d2c.3588: 00007ff6df416be5 / 0x0106be5: 00 != 49
  1212. 2d2c.3588: 00007ff6df416be6 / 0x0106be6: 00 != 4e
  1213. 2d2c.3588: 00007ff6df416be7 / 0x0106be7: 00 != 47
  1214. 2d2c.3588: 00007ff6df416be8 / 0x0106be8: 00 != 50
  1215. 2d2c.3588: 00007ff6df416be9 / 0x0106be9: 00 != 41
  1216. 2d2c.3588: 00007ff6df416bea / 0x0106bea: 00 != 44
  1217. 2d2c.3588: 00007ff6df416beb / 0x0106beb: 00 != 44
  1218. 2d2c.3588: 00007ff6df416bec / 0x0106bec: 00 != 49
  1219. 2d2c.3588: 00007ff6df416bed / 0x0106bed: 00 != 4e
  1220. 2d2c.3588: 00007ff6df416bee / 0x0106bee: 00 != 47
  1221. 2d2c.3588: 00007ff6df416bef / 0x0106bef: 00 != 58
  1222. 2d2c.3588: 00007ff6df416bf0 / 0x0106bf0: 00 != 58
  1223. 2d2c.3588: 00007ff6df416bf1 / 0x0106bf1: 00 != 50
  1224. 2d2c.3588: 00007ff6df416bf2 / 0x0106bf2: 00 != 41
  1225. 2d2c.3588: 00007ff6df416bf3 / 0x0106bf3: 00 != 44
  1226. 2d2c.3588: 00007ff6df416bf4 / 0x0106bf4: 00 != 44
  1227. 2d2c.3588: 00007ff6df416bf5 / 0x0106bf5: 00 != 49
  1228. 2d2c.3588: 00007ff6df416bf6 / 0x0106bf6: 00 != 4e
  1229. 2d2c.3588: 00007ff6df416bf7 / 0x0106bf7: 00 != 47
  1230. 2d2c.3588: 00007ff6df416bf8 / 0x0106bf8: 00 != 50
  1231. 2d2c.3588: 00007ff6df416bf9 / 0x0106bf9: 00 != 41
  1232. 2d2c.3588: 00007ff6df416bfa / 0x0106bfa: 00 != 44
  1233. 2d2c.3588: 00007ff6df416bfb / 0x0106bfb: 00 != 44
  1234. 2d2c.3588: 00007ff6df416bfc / 0x0106bfc: 00 != 49
  1235. 2d2c.3588: 00007ff6df416bfd / 0x0106bfd: 00 != 4e
  1236. 2d2c.3588: 00007ff6df416bfe / 0x0106bfe: 00 != 47
  1237. 2d2c.3588: 00007ff6df416bff / 0x0106bff: 00 != 58
  1238. 2d2c.3588: Restored 0x4d8 bytes of original file content at 00007ff6df416b28
  1239. 2d2c.3588: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  1240. 2d2c.3588: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x80000000
  1241. 2d2c.3588: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 33 sleeps
  1242. 2d2c.3588: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  1243. 2d2c.3588: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
  1244. 2d2c.3588: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  1245. 2d2c.3588: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
  1246. 2d2c.3588: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
  1247. 2d2c.3588: 000000007ffe3000-000000056823ffff 0x0001/0x0000 0x0000000
  1248. 2d2c.3588: *0000000568240000-000000056833afff 0x0000/0x0004 0x0020000
  1249. 2d2c.3588: 000000056833b000-000000056833dfff 0x0104/0x0004 0x0020000
  1250. 2d2c.3588: 000000056833e000-000000056833ffff 0x0004/0x0004 0x0020000
  1251. 2d2c.3588: 0000000568340000-00000005683fffff 0x0001/0x0000 0x0000000
  1252. 2d2c.3588: *0000000568400000-0000000568413fff 0x0000/0x0004 0x0020000
  1253. 2d2c.3588: 0000000568414000-0000000568416fff 0x0004/0x0004 0x0020000
  1254. 2d2c.3588: 0000000568417000-00000005685fffff 0x0000/0x0004 0x0020000
  1255. 2d2c.3588: 0000000568600000-000001b19d93ffff 0x0001/0x0000 0x0000000
  1256. 2d2c.3588: *000001b19d940000-000001b19d95ffff 0x0004/0x0004 0x0020000
  1257. 2d2c.3588: *000001b19d960000-000001b19d97cfff 0x0002/0x0002 0x0040000
  1258. 2d2c.3588: 000001b19d97d000-000001b19d97ffff 0x0001/0x0000 0x0000000
  1259. 2d2c.3588: *000001b19d980000-000001b19d983fff 0x0002/0x0002 0x0040000
  1260. 2d2c.3588: 000001b19d984000-000001b19d98ffff 0x0001/0x0000 0x0000000
  1261. 2d2c.3588: *000001b19d990000-000001b19d990fff 0x0002/0x0002 0x0040000
  1262. 2d2c.3588: 000001b19d991000-000001b19d99ffff 0x0001/0x0000 0x0000000
  1263. 2d2c.3588: *000001b19d9a0000-000001b19d9a1fff 0x0004/0x0004 0x0020000
  1264. 2d2c.3588: 000001b19d9a2000-00007df50028ffff 0x0001/0x0000 0x0000000
  1265. 2d2c.3588: *00007df500290000-00007df500290fff 0x0002/0x0002 0x0040000
  1266. 2d2c.3588: 00007df500291000-00007df50029ffff 0x0001/0x0000 0x0000000
  1267. 2d2c.3588: *00007df5002a0000-00007df5002c2fff 0x0002/0x0002 0x0040000
  1268. 2d2c.3588: 00007df5002c3000-00007df5002cffff 0x0001/0x0000 0x0000000
  1269. 2d2c.3588: *00007df5002d0000-00007df501de2fff 0x0000/0x0001 0x0040000
  1270. 2d2c.3588: 00007df501de3000-00007df501e04fff 0x0001/0x0001 0x0040000
  1271. 2d2c.3588: 00007df501e05000-00007df50209afff 0x0000/0x0001 0x0040000
  1272. 2d2c.3588: 00007df50209b000-00007df50209bfff 0x0001/0x0001 0x0040000
  1273. 2d2c.3588: 00007df50209c000-00007ff4dba9bfff 0x0000/0x0001 0x0040000
  1274. 2d2c.3588: 00007ff4dba9c000-00007ff4dbaa0fff 0x0002/0x0001 0x0040000
  1275. 2d2c.3588: 00007ff4dbaa1000-00007ff4e2828fff 0x0000/0x0001 0x0040000
  1276. 2d2c.3588: 00007ff4e2829000-00007ff4e428efff 0x0001/0x0001 0x0040000
  1277. 2d2c.3588: 00007ff4e428f000-00007ff4e4297fff 0x0002/0x0001 0x0040000
  1278. 2d2c.3588: 00007ff4e4298000-00007ff5002cffff 0x0000/0x0001 0x0040000
  1279. 2d2c.3588: 00007ff5002d0000-00007ff6df30ffff 0x0001/0x0000 0x0000000
  1280. 2d2c.3588: *00007ff6df310000-00007ff6df310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1281. 2d2c.3588: 00007ff6df311000-00007ff6df37bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1282. 2d2c.3588: 00007ff6df37c000-00007ff6df37cfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1283. 2d2c.3588: 00007ff6df37d000-00007ff6df3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1284. 2d2c.3588: 00007ff6df3d1000-00007ff6df3ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1285. 2d2c.3588: 00007ff6df3de000-00007ff6df417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1286. 2d2c.3588: 00007ff6df418000-00007ff8fefeffff 0x0001/0x0000 0x0000000
  1287. 2d2c.3588: *00007ff8feff0000-00007ff8feff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1288. 2d2c.3588: 00007ff8feff1000-00007ff8ff10cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1289. 2d2c.3588: 00007ff8ff10d000-00007ff8ff155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1290. 2d2c.3588: 00007ff8ff156000-00007ff8ff159fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1291. 2d2c.3588: 00007ff8ff15a000-00007ff8ff15ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1292. 2d2c.3588: 00007ff8ff160000-00007ff8ff161fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1293. 2d2c.3588: 00007ff8ff162000-00007ff8ff170fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1294. 2d2c.3588: 00007ff8ff171000-00007ff8ff171fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1295. 2d2c.3588: 00007ff8ff172000-00007ff8ff174fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1296. 2d2c.3588: 00007ff8ff175000-00007ff8ff1e7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  1297. 2d2c.3588: 00007ff8ff1e8000-00007ffffffeffff 0x0001/0x0000 0x0000000
  1298. 2d2c.3588: supR3HardNtChildPurify: Done after 938 ms and 1 fixes (loop #1).
  1299. 26cc.3a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8feff0000 g_uNtVerCombined=0xa04a6500 (stack ~000000056833ea60)
  1300. 26cc.3a0: ntdll.dll: timestamp 0x688f8c4b (rc=VINF_SUCCESS)
  1301. 26cc.3a0: New simple heap: #1 000001b19dab0000 LB 0x400000 (for 2064384 allocation)
  1302. 2d2c.3588: supR3HardenedEarlyCompact: Removed heap 1 (0x0001baf4540000 LB 0x400000)
  1303. 2d2c.3588: supR3HardNtEnableThreadCreationEx:
  1304. 26cc.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  1305. 26cc.3a0: System32: \Device\HarddiskVolume4\Windows\System32
  1306. 26cc.3a0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  1307. 26cc.3a0: KnownDllPath: C:\WINDOWS\System32
  1308. 26cc.3a0: supR3HardenedVmProcessInit: Opening vboxsup...
  1309. 26cc.3a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  1310. 26cc.3a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  1311. 26cc.3a0: Registered Dll notification callback with NTDLL.
  1312. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  1313. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  1314. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  1315. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fcbc0000 LB 0x002fe000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  1316. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  1317. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  1318. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fdab0000 LB 0x000c2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  1319. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  1320. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'C:\WINDOWS\System32\KERNEL32.DLL'
  1321. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff6df310000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
  1322. 26cc.3a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1323. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  1324. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
  1325. 26cc.3a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ff065c10 pvNtTerminateThread=00007ff8ff08df40
  1326. 2d2c.3588: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 173 ms.
  1327. 26cc.3a0: \SystemRoot\System32\ntdll.dll:
  1328. 26cc.3a0: CreationTime: 2024-10-11T12:47:43.281861700Z
  1329. 26cc.3a0: LastWriteTime: 2024-10-11T12:47:43.501863200Z
  1330. 26cc.3a0: ChangeTime: 2024-12-11T17:56:48.666723500Z
  1331. 26cc.3a0: FileAttributes: 0x20
  1332. 26cc.3a0: Size: 0x1ef640
  1333. 26cc.3a0: NT Headers: 0xe8
  1334. 26cc.3a0: Timestamp: 0x688f8c4b
  1335. 26cc.3a0: Machine: 0x8664 - amd64
  1336. 26cc.3a0: Timestamp: 0x688f8c4b
  1337. 26cc.3a0: Image Version: 10.0
  1338. 26cc.3a0: SizeOfImage: 0x1f8000 (2064384)
  1339. 26cc.3a0: Resource Dir: 0x186000 LB 0x70508
  1340. 26cc.3a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1341. 26cc.3a0: [Raw version resource data: 0x1860f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  1342. 26cc.3a0: ProductName: Microsoft® Windows® Operating System
  1343. 26cc.3a0: ProductVersion: 10.0.19041.5007
  1344. 26cc.3a0: FileVersion: 10.0.19041.5007 (WinBuild.160101.0800)
  1345. 26cc.3a0: FileDescription: NT Layer DLL
  1346. 26cc.3a0: \SystemRoot\System32\kernel32.dll:
  1347. 26cc.3a0: CreationTime: 2024-11-23T10:20:52.028834300Z
  1348. 26cc.3a0: LastWriteTime: 2024-11-23T10:20:52.083382400Z
  1349. 26cc.3a0: ChangeTime: 2024-12-11T17:56:49.046712700Z
  1350. 26cc.3a0: FileAttributes: 0x20
  1351. 26cc.3a0: Size: 0xbf588
  1352. 26cc.3a0: NT Headers: 0xf8
  1353. 26cc.3a0: Timestamp: 0x87803e41
  1354. 26cc.3a0: Machine: 0x8664 - amd64
  1355. 26cc.3a0: Timestamp: 0x87803e41
  1356. 26cc.3a0: Image Version: 10.0
  1357. 26cc.3a0: SizeOfImage: 0xc2000 (794624)
  1358. 26cc.3a0: Resource Dir: 0xc0000 LB 0x520
  1359. 26cc.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1360. 26cc.3a0: [Raw version resource data: 0xc00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  1361. 26cc.3a0: ProductName: Microsoft® Windows® Operating System
  1362. 26cc.3a0: ProductVersion: 10.0.19041.5198
  1363. 26cc.3a0: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  1364. 26cc.3a0: FileDescription: Windows NT BASE API Client DLL
  1365. 26cc.3a0: \SystemRoot\System32\KernelBase.dll:
  1366. 26cc.3a0: CreationTime: 2024-11-23T10:20:30.424984400Z
  1367. 26cc.3a0: LastWriteTime: 2024-11-23T10:20:30.950571900Z
  1368. 26cc.3a0: ChangeTime: 2024-12-11T17:56:48.696719300Z
  1369. 26cc.3a0: FileAttributes: 0x20
  1370. 26cc.3a0: Size: 0x2ff3c8
  1371. 26cc.3a0: NT Headers: 0x100
  1372. 26cc.3a0: Timestamp: 0xd1eefc71
  1373. 26cc.3a0: Machine: 0x8664 - amd64
  1374. 26cc.3a0: Timestamp: 0xd1eefc71
  1375. 26cc.3a0: Image Version: 10.0
  1376. 26cc.3a0: SizeOfImage: 0x2fe000 (3137536)
  1377. 26cc.3a0: Resource Dir: 0x2d4000 LB 0x548
  1378. 26cc.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1379. 26cc.3a0: [Raw version resource data: 0x2d40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
  1380. 26cc.3a0: ProductName: Microsoft® Windows® Operating System
  1381. 26cc.3a0: ProductVersion: 10.0.19041.5198
  1382. 26cc.3a0: FileVersion: 10.0.19041.5198 (WinBuild.160101.0800)
  1383. 26cc.3a0: FileDescription: Windows NT BASE API Client DLL
  1384. 26cc.3a0: \SystemRoot\System32\apisetschema.dll:
  1385. 26cc.3a0: CreationTime: 2024-01-27T16:00:25.927257100Z
  1386. 26cc.3a0: LastWriteTime: 2024-01-27T16:00:25.974090700Z
  1387. 26cc.3a0: ChangeTime: 2024-12-11T17:56:34.404205000Z
  1388. 26cc.3a0: FileAttributes: 0x20
  1389. 26cc.3a0: Size: 0x1f970
  1390. 26cc.3a0: NT Headers: 0xd0
  1391. 26cc.3a0: Timestamp: 0x818769b5
  1392. 26cc.3a0: Machine: 0x8664 - amd64
  1393. 26cc.3a0: Timestamp: 0x818769b5
  1394. 26cc.3a0: Image Version: 10.0
  1395. 26cc.3a0: SizeOfImage: 0x20000 (131072)
  1396. 26cc.3a0: Resource Dir: 0x1f000 LB 0x408
  1397. 26cc.3a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  1398. 26cc.3a0: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
  1399. 26cc.3a0: ProductName: Microsoft® Windows® Operating System
  1400. 26cc.3a0: ProductVersion: 10.0.19041.3996
  1401. 26cc.3a0: FileVersion: 10.0.19041.3996 (WinBuild.160101.0800)
  1402. 26cc.3a0: FileDescription: ApiSet Schema DLL
  1403. 26cc.3a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  1404. 26cc.3a0: supR3HardenedWinFindAdversaries: 0x0
  1405. 26cc.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  1406. 26cc.3a0: Calling main()
  1407. 26cc.3a0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
  1408. 26cc.3a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  1409. 26cc.3a0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
  1410. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
  1411. 26cc.3a0: SUPR3HardenedMain: Final process, opening VBoxDrv...
  1412. 26cc.3a0: supR3HardenedEarlyCompact: Removed heap 1 (0x0001b19dab0000 LB 0x400000)
  1413. 26cc.3a0: supR3HardNtEnableThreadCreationEx:
  1414. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  1415. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  1416. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1417. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1418. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ecd20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  1419. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1420. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1421. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1422. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecd20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1423. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  1424. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1425. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecd20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1426. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ecd20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  1427. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1428. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
  1429. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
  1430. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  1431. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1432. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1433. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
  1434. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1435. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1436. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1437. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
  1438. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  1439. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1440. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fdec0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
  1441. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1442. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8febc0000 LB 0x00123000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
  1443. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1444. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc7f0000 LB 0x00069000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
  1445. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1446. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fca90000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
  1447. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
  1448. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
  1449. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc690000 LB 0x0015c000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
  1450. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
  1451. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1452. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1453. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1454. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-synch-l1-2-0'
  1455. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1456. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1457. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-fibers-l1-1-1'
  1458. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1459. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1460. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-fibers-l1-1-1'
  1461. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1462. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1463. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-synch-l1-2-0'
  1464. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
  1465. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
  1466. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc290000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
  1467. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  1468. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc7f0000 'C:\WINDOWS\system32\Wintrust.dll'
  1469. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
  1470. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  1471. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1472. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fca10000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
  1473. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1474. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fca10000 'C:\WINDOWS\system32\bcrypt.dll'
  1475. 26cc.3a0: bcrypt.dll loaded at 00007ff8fca10000, BCryptOpenAlgorithmProvider at 00007ff8fca15790, preloading providers:
  1476. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
  1477. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
  1478. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1479. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc980000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
  1480. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  1481. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc980000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  1482. 26cc.3a0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000001b19e06f180)
  1483. 26cc.3a0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000001b19e070010)
  1484. 26cc.3a0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000001b19e070330)
  1485. 26cc.3a0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000001b19e070650)
  1486. 26cc.3a0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000001b19e070970)
  1487. 26cc.3a0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000001b19e070c90)
  1488. 26cc.3a0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000001b19e070fb0)
  1489. 26cc.3a0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000001b19e0712d0)
  1490. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
  1491. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
  1492. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc020000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  1493. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  1494. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
  1495. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
  1496. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  1497. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1498. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1499. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1500. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1501. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1502. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fb690000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  1503. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1504. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1505. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
  1506. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
  1507. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fbf50000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  1508. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  1509. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  1510. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1511. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'C:\WINDOWS\System32\kernel32.dll'
  1512. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  1513. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1514. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc7f0000 'C:\WINDOWS\System32\WINTRUST.DLL'
  1515. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1516. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1517. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\CRYPT32.dll'
  1518. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fef90000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
  1519. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
  1520. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
  1521. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1522. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1523. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1524. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1525. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1526. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1527. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fecf0000 LB 0x0009f000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
  1528. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
  1529. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
  1530. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
  1531. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
  1532. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1533. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  1534. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
  1535. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
  1536. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fae90000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
  1537. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  1538. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1539. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
  1540. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
  1541. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  1542. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  1543. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  1544. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1545. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1546. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1547. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1548. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1549. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1550. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1551. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1552. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1553. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1554. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  1555. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  1556. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  1557. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1558. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1559. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1560. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1561. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1562. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8da920000 LB 0x00031000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
  1563. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1564. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1565. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1566. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1567. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1568. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1569. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1570. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1571. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1572. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1573. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1574. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1575. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1576. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1577. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1578. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1579. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1580. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  1581. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1582. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1583. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1584. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1585. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1586. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1587. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1588. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1589. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1590. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  1591. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1592. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\Windows\System32\cryptnet.dll'
  1593. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
  1594. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
  1595. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc5c0000 LB 0x00024000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
  1596. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  1597. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fd010000 LB 0x000b1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
  1598. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1599. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
  1600. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
  1601. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
  1602. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  1603. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1604. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1605. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1606. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1607. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  1608. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  1609. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  1610. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1611. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1612. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  1613. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1614. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1615. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1616. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1617. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1618. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  1619. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: New context 000001b19e096400
  1620. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  1621. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EA7F04BD3A5B906B31D4F5427142517E8C881371
  1622. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  1623. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1624. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8febc0000 'C:\WINDOWS\System32\rpcrt4.dll'
  1625. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1626. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1627. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1628. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1629. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1630. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1631. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\SystemRoot\System32\ntdll.dll'
  1632. 26cc.3a0: g_pfnWinVerifyTrust=00007ff8fc7f1ee0
  1633. 26cc.3a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  1634. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1635. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1636. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1637. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  1638. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1639. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1640. 26cc.3a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  1641. 26cc.3a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  1642. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1643. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1644. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1645. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1646. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1647. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1648. 26cc.3a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  1649. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1650. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1651. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1652. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1653. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  1654. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1655. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1656. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1657. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  1658. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1659. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1660. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1661. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  1662. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1663. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1664. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1665. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  1666. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1667. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1668. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1669. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  1670. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1671. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1672. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1673. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  1674. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1675. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1676. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1677. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  1678. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  1679. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1680. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1681. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1682. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1683. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  1684. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  1685. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1686. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1687. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1688. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  1689. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1690. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1691. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  1692. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1693. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1694. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  1695. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1696. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1697. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  1698. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1699. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1700. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll'
  1701. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1702. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1703. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  1704. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1705. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1706. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  1707. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1708. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1709. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  1710. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1711. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1712. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe'
  1713. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1714. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1715. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  1716. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1717. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1718. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  1719. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\system32\crypt32.dll'
  1720. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ba84b7b8ac1fe0d C=US, O=Amazon, CN=Amazon Root CA 4
  1721. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
  1722. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2434ff129a30c500 CN=UniversalADB
  1723. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1724. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1725. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1726. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
  1727. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1728. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd578ca718078b200 C=US, O=Amazon, CN=Amazon Root CA 1
  1729. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1730. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
  1731. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf06771e7d0adc83f CN=D3N1S-LAPTOP
  1732. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4c4a9c2d9f96ad00 C=US, O=Amazon, CN=Amazon Root CA 2
  1733. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1734. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
  1735. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1736. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xaf61f2548345ca00 C=US, O=Carbon Crew Productions, OU=Certificate Authority, CN=Carbon Crew CA
  1737. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1738. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2c6561b01e89b0d C=US, O=Amazon, CN=Amazon Root CA 3
  1739. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
  1740. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
  1741. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
  1742. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
  1743. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
  1744. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa1e31e8b0211b600 C=US, O=Google Trust Services LLC, CN=GTS Root R1
  1745. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1746. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
  1747. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  1748. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  1749. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
  1750. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
  1751. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
  1752. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1753. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1754. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  1755. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
  1756. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
  1757. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2404221294e78d00 C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46
  1758. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
  1759. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x5c3e4a16f34a09ec C=US, O=Internet Security Research Group, CN=ISRG Root X2
  1760. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
  1761. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
  1762. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
  1763. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1764. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  1765. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1766. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  1767. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1768. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1769. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc48cebc8db05b000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
  1770. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
  1771. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
  1772. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1773. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
  1774. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1775. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
  1776. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
  1777. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  1778. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4dd6e14065368f00 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2
  1779. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1780. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x298c3394be5bca00 C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017
  1781. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
  1782. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  1783. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1784. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
  1785. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
  1786. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1787. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
  1788. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1789. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1790. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1791. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
  1792. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1793. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
  1794. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4
  1795. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1796. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1797. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
  1798. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
  1799. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
  1800. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  1801. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
  1802. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1803. 26cc.3a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1804. 26cc.3a0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=84
  1805. 26cc.3a0: SUPR3HardenedMain: Load Runtime...
  1806. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1807. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1808. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  1809. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  1810. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  1811. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'mpr.dll'.
  1812. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
  1813. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
  1814. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
  1815. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1816. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1817. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1818. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1819. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1820. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  1821. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll) WinVerifyTrust
  1822. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  1823. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1824. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1825. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1826. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  1827. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  1828. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1829. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1830. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  1831. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1832. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1833. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mpr.dll) WinVerifyTrust
  1834. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mpr.dll
  1835. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  1836. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  1837. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1838. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  1839. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1840. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1841. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  1842. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  1843. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp140.dll) WinVerifyTrust
  1844. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  1845. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  1846. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  1847. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  1848. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  1849. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1850. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  1851. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll)
  1852. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  1853. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1854. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1855. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll'.
  1856. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll)
  1857. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  1858. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1859. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1860. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
  1861. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1862. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1863. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  1864. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
  1865. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1866. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1867. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
  1868. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  1869. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  1870. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  1871. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
  1872. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1873. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  1874. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  1875. 26cc.3a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll'
  1876. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  1877. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1878. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  1879. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
  1880. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  1881. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
  1882. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8e9200000 LB 0x0001e000 C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
  1883. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  1884. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8e8c30000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
  1885. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
  1886. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8e9b20000 LB 0x0008d000 C:\WINDOWS\SYSTEM32\MSVCP140.dll [fFlags=0x0]
  1887. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  1888. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f60c0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
  1889. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
  1890. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe540000 LB 0x0006b000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
  1891. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  1892. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8b9350000 LB 0x006f4000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
  1893. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1894. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1895. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1896. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1897. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1898. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-synch-l1-2-0'
  1899. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1900. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1901. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1902. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1903. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1904. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1905. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-fibers-l1-1-1'
  1906. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1907. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1908. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1909. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1910. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  1911. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1912. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-synch-l1-2-0'
  1913. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1914. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1915. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1916. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1917. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
  1918. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1919. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-fibers-l1-1-1'
  1920. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1921. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1922. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1923. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1924. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  1925. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1926. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'C:\WINDOWS\System32\kernel32.dll'
  1927. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1928. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1929. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1930. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1931. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
  1932. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1933. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-string-l1-1-0'
  1934. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1935. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1936. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1937. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1938. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
  1939. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1940. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-localization-l1-2-1'
  1941. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1942. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1943. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1944. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1945. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
  1946. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1947. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-datetime-l1-1-1'
  1948. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1949. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1950. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1951. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1952. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
  1953. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  1954. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-localization-obsolete-l1-2-0'
  1955. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1956. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1957. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1958. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1959. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1960. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1961. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1962. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1963. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1964. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1965. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1966. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1967. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1968. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1969. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1970. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1971. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1972. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1973. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1974. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1975. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1976. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1977. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1978. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1979. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1980. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1981. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1982. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1983. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1984. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1985. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1986. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1987. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1988. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1989. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1990. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1991. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1992. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1993. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1994. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  1995. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  1996. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  1997. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  1998. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  1999. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2000. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2001. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2002. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2003. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2004. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2005. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2006. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2007. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2008. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2009. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2010. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2011. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2012. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2013. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2014. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2015. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2016. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2017. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2018. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2019. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2020. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2021. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2022. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2023. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2024. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2025. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2026. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2027. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2028. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2029. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2030. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2031. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2032. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2033. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2034. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2035. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2036. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  2037. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2038. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2039. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2040. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2041. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2042. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2043. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2044. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2045. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2046. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2047. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2048. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2049. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2050. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2051. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2052. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2053. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2054. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2055. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2056. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2057. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2058. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2059. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2060. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2061. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2062. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2063. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2064. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2065. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2066. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2067. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2068. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2069. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2070. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2071. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2072. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2073. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2074. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2075. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2076. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2077. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2078. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2079. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2080. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2081. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2082. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2083. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2084. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2085. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2086. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2087. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2088. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2089. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2090. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2091. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2092. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2093. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2094. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2095. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2096. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2097. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2098. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2099. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2100. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2101. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2102. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2103. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2104. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2105. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2106. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2107. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2108. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2109. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2110. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2111. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2112. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2113. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2114. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2115. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2116. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2117. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2118. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
  2119. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  2120. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2121. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2122. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2123. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2124. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2125. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2126. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2127. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2128. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2129. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2130. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2131. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'.
  2132. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rescheduled]
  2133. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b9350000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
  2134. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2135. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2136. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll'
  2137. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  2138. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  2139. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc7f0000 'C:\WINDOWS\system32\Wintrust.dll'
  2140. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2141. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2142. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2143. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2144. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\system32\crypt32.dll'
  2145. 26cc.3a0: SUPR3HardenedMain: Load TrustedMain...
  2146. 26cc.ce8: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
  2147. 26cc.ce8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  2148. 26cc.ce8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
  2149. 26cc.ce8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
  2150. 26cc.ce8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
  2151. 26cc.ce8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
  2152. 26cc.ce8: supR3HardenedDllNotificationCallback: load 00007ff8fae70000 LB 0x00012000 C:\WINDOWS\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
  2153. 26cc.ce8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
  2154. 26cc.ce8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fae70000 'api-ms-win-appmodel-runtime-l1-1-2'
  2155. 26cc.ce8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2156. 26cc.ce8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2157. 26cc.ce8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  2158. 26cc.ce8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2159. 26cc.ce8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2160. 26cc.ce8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  2161. 26cc.ce8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2162. 26cc.ce8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2163. 26cc.ce8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
  2164. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2165. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2166. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'uicommon.dll'.
  2167. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2168. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2169. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
  2170. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
  2171. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6corevbox.dll'.
  2172. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt6guivbox.dll'.
  2173. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6widgetsvbox.dll'.
  2174. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  2175. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
  2176. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
  2177. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
  2178. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
  2179. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
  2180. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2181. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2182. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2183. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2184. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2185. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  2186. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) WinVerifyTrust
  2187. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2188. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2189. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2190. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2191. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2192. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  2193. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2194. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2195. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2196. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
  2197. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
  2198. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) WinVerifyTrust
  2199. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2200. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2201. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2202. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2203. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2204. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2205. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2206. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2207. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  2208. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
  2209. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
  2210. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2211. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2212. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  2213. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll)
  2214. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  2215. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2216. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2217. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2218. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2219. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
  2220. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'gdi32.dll'.
  2221. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'user32.dll'.
  2222. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
  2223. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) WinVerifyTrust
  2224. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2225. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2226. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2227. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  2228. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2229. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2230. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  2231. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  2232. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
  2233. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2234. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2235. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
  2236. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  2237. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
  2238. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
  2239. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
  2240. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2241. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2242. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2243. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
  2244. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
  2245. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  2246. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2247. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2248. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2249. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2250. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2251. 26cc.3a0: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
  2252. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
  2253. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
  2254. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2255. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2256. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2257. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2258. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2259. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2260. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2261. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2262. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  2263. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
  2264. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) WinVerifyTrust
  2265. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2266. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2267. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2268. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2269. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2270. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2271. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2272. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2273. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2274. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2275. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'dwmapi.dll'.
  2276. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uxtheme.dll'.
  2277. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt6guivbox.dll'.
  2278. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6corevbox.dll'.
  2279. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2280. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  2281. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp140.dll'.
  2282. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcp140_1.dll'.
  2283. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'vcruntime140.dll'.
  2284. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'vcruntime140_1.dll'.
  2285. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll) WinVerifyTrust
  2286. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2287. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2288. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2289. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2290. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2291. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2292. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2293. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2294. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  2295. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2296. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2297. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'.
  2298. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
  2299. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2300. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll)
  2301. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll
  2302. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2303. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2304. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2305. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2306. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2307. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2308. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2309. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2310. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2311. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2312. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2313. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll'.
  2314. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mpr.dll'.
  2315. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'userenv.dll'.
  2316. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2317. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'authz.dll'.
  2318. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'netapi32.dll'.
  2319. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
  2320. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
  2321. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  2322. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'version.dll'.
  2323. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
  2324. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
  2325. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msvcp140.dll'.
  2326. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msvcp140_1.dll'.
  2327. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'vcruntime140.dll'.
  2328. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'vcruntime140_1.dll'.
  2329. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll)
  2330. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2331. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2332. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2333. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll'.
  2334. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
  2335. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
  2336. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2337. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  2338. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  2339. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2340. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'dwrite.dll'.
  2341. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6corevbox.dll'.
  2342. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140.dll'.
  2343. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcp140_1.dll'.
  2344. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140_2.dll'.
  2345. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140.dll'.
  2346. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140_1.dll'.
  2347. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll)
  2348. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2349. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
  2350. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
  2351. 26cc.3a0: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'.
  2352. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2353. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
  2354. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
  2355. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll)
  2356. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  2357. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  2358. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  2359. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'.
  2360. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2361. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'win32u.dll'.
  2362. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
  2363. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'gdi32.dll'.
  2364. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
  2365. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
  2366. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2367. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2368. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2369. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2370. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2371. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2372. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2373. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2374. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2375. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2376. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2377. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  2378. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2379. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2380. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2381. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2382. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2383. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2384. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2385. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2386. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  2387. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2388. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2389. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2390. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2391. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2392. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  2393. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_2.dll'...
  2394. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_2.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rcNtRedir=0xc0150008]
  2395. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'.
  2396. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp140.dll'.
  2397. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2398. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
  2399. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll)
  2400. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll
  2401. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2402. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2403. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2404. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2405. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2406. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2407. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2408. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2409. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [lacks WinVerifyTrust]
  2410. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwrite.dll'...
  2411. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwrite.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwrite.dll' [rcNtRedir=0xc0150008]
  2412. 26cc.3a0: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'.
  2413. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2414. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  2415. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\DWrite.dll)
  2416. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DWrite.dll
  2417. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2418. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2419. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2420. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2421. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2422. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  2423. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2424. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #72 'user32.dll'.
  2425. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'gdi32.dll'.
  2426. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
  2427. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
  2428. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2429. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2430. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2431. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2432. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2433. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2434. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2435. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2436. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
  2437. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2438. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
  2439. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dxgi.dll)
  2440. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dxgi.dll
  2441. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
  2442. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
  2443. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'.
  2444. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2445. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'dxgi.dll'.
  2446. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'win32u.dll'.
  2447. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d11.dll)
  2448. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d11.dll
  2449. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2450. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2451. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2452. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2453. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2454. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  2455. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2456. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2457. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2458. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2459. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2460. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2461. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2462. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2463. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  2464. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2465. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2466. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2467. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  2468. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  2469. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2470. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2471. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\version.dll)
  2472. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\version.dll
  2473. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2474. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2475. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2476. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2477. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2478. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
  2479. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2480. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2481. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2482. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
  2483. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
  2484. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
  2485. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2486. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\netapi32.dll)
  2487. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\netapi32.dll
  2488. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'authz.dll'...
  2489. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'authz.dll' -> '\Device\HarddiskVolume4\Windows\System32\authz.dll' [rcNtRedir=0xc0150008]
  2490. 26cc.3a0: Detected WinVerifyTrust recursion: rc=22900 '\Device\HarddiskVolume4\Windows\System32\authz.dll'.
  2491. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\authz.dll)
  2492. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\authz.dll
  2493. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2494. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2495. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  2496. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
  2497. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
  2498. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\userenv.dll'.
  2499. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  2500. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)
  2501. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
  2502. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  2503. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume4\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  2504. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mpr.dll
  2505. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2506. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2507. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2508. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2509. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2510. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2511. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2512. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2513. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2514. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2515. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2516. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2517. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2518. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2519. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2520. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2521. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
  2522. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2523. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2524. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2525. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2526. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [lacks WinVerifyTrust]
  2527. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2528. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2529. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2530. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2531. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2532. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2533. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2534. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2535. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2536. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2537. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
  2538. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2539. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2540. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2541. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2542. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2543. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2544. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2545. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2546. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2547. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2548. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2549. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2550. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2551. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2552. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'd3d11.dll'.
  2553. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dxgi.dll'.
  2554. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  2555. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  2556. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  2557. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2558. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'dwrite.dll'.
  2559. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6corevbox.dll'.
  2560. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp140.dll'.
  2561. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcp140_1.dll'.
  2562. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp140_2.dll'.
  2563. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'vcruntime140.dll'.
  2564. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'vcruntime140_1.dll'.
  2565. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll) WinVerifyTrust
  2566. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2567. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2568. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [redoing WinVerifyTrust]
  2569. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2570. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2571. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2572. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2573. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2574. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_2.dll'...
  2575. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_2.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rcNtRedir=0xc0150008]
  2576. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll [lacks WinVerifyTrust]
  2577. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140_1.dll'...
  2578. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rcNtRedir=0xc0150008]
  2579. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll [lacks WinVerifyTrust]
  2580. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2581. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2582. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  2583. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2584. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2585. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [lacks WinVerifyTrust]
  2586. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwrite.dll'...
  2587. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwrite.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwrite.dll' [rcNtRedir=0xc0150008]
  2588. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\DWrite.dll [lacks WinVerifyTrust]
  2589. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2590. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2591. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
  2592. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2593. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2594. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [lacks WinVerifyTrust]
  2595. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2596. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2597. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2598. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2599. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2600. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  2601. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
  2602. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
  2603. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
  2604. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
  2605. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
  2606. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll [lacks WinVerifyTrust]
  2607. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2608. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2609. 26cc.3a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll'
  2610. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2611. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2612. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2613. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2614. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  2615. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2616. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2617. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2618. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2619. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
  2620. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
  2621. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2622. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2623. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  2624. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140.dll'.
  2625. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140_1.dll'.
  2626. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp140.dll'.
  2627. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt6corevbox.dll'.
  2628. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6guivbox.dll'.
  2629. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt6widgetsvbox.dll'.
  2630. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt6helpvbox.dll'.
  2631. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt6statemachinevbox.dll'.
  2632. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'user32.dll'.
  2633. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
  2634. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ole32.dll'.
  2635. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
  2636. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'rpcrt4.dll'.
  2637. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
  2638. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
  2639. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2640. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2641. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2642. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2643. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2644. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2645. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2646. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2647. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2648. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2649. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  2650. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2651. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2652. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
  2653. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2654. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2655. 26cc.3a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
  2656. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6statemachinevbox.dll'...
  2657. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6statemachinevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6statemachinevbox.dll' [rcNtRedir=0xc0150008]
  2658. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2659. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2660. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6guivbox.dll'.
  2661. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt6corevbox.dll'.
  2662. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2663. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll) WinVerifyTrust
  2664. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2665. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6helpvbox.dll'...
  2666. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6helpvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6helpvbox.dll' [rcNtRedir=0xc0150008]
  2667. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2668. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2669. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2670. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2671. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2672. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2673. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2674. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [lacks WinVerifyTrust]
  2675. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2676. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2677. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6sqlvbox.dll'.
  2678. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt6widgetsvbox.dll'.
  2679. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt6guivbox.dll'.
  2680. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6corevbox.dll'.
  2681. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp140.dll'.
  2682. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vcruntime140.dll'.
  2683. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'vcruntime140_1.dll'.
  2684. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll) WinVerifyTrust
  2685. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2686. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2687. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2688. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2689. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2690. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2691. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [redoing WinVerifyTrust]
  2692. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2693. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2694. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2695. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2696. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2697. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2698. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2699. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2700. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2701. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  2702. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  2703. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [lacks WinVerifyTrust]
  2704. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  2705. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  2706. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2707. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6sqlvbox.dll'...
  2708. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6sqlvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6sqlvbox.dll' [rcNtRedir=0xc0150008]
  2709. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2710. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt6corevbox.dll'.
  2711. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp140.dll'.
  2712. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vcruntime140.dll'.
  2713. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140_1.dll'.
  2714. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll)
  2715. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll
  2716. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2717. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2718. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2719. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2720. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2721. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2722. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2723. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2724. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2725. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  2726. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  2727. 26cc.3a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll'
  2728. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  2729. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  2730. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2731. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  2732. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  2733. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  2734. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  2735. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  2736. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  2737. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  2738. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2739. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2740. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
  2741. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2742. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
  2743. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll
  2744. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2745. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2746. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2747. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2748. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2749. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
  2750. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\authz.dll [avoiding WinVerifyTrust]
  2751. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
  2752. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2753. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
  2754. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
  2755. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
  2756. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\DWrite.dll [avoiding WinVerifyTrust]
  2757. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll [avoiding WinVerifyTrust]
  2758. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
  2759. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
  2760. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [avoiding WinVerifyTrust]
  2761. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\netutils.dll)
  2762. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\netutils.dll
  2763. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  2764. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\srvcli.dll)
  2765. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\srvcli.dll
  2766. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc580000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\USERENV.dll [fFlags=0x0]
  2767. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
  2768. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fb430000 LB 0x0004f000 C:\WINDOWS\SYSTEM32\AUTHZ.dll [fFlags=0x0]
  2769. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\authz.dll [avoiding WinVerifyTrust]
  2770. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8e9d50000 LB 0x00019000 C:\WINDOWS\SYSTEM32\NETAPI32.dll [fFlags=0x0]
  2771. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netapi32.dll [avoiding WinVerifyTrust]
  2772. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fdf60000 LB 0x00353000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
  2773. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
  2774. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fcb90000 LB 0x00022000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
  2775. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
  2776. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fcec0000 LB 0x0009d000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
  2777. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
  2778. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fedf0000 LB 0x0019d000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
  2779. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc860000 LB 0x00117000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
  2780. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  2781. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
  2782. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
  2783. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'win32u.dll'.
  2784. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32full.dll)
  2785. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
  2786. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe5e0000 LB 0x0002b000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
  2787. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
  2788. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe610000 LB 0x0012b000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
  2789. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  2790. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fd140000 LB 0x0076d000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
  2791. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [avoiding WinVerifyTrust]
  2792. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fa470000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0]
  2793. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll [avoiding WinVerifyTrust]
  2794. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f1f20000 LB 0x00027000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
  2795. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  2796. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ed940000 LB 0x00009000 C:\WINDOWS\SYSTEM32\MSVCP140_1.dll [fFlags=0x0]
  2797. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll [avoiding WinVerifyTrust]
  2798. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fbab0000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\NETUTILS.DLL [fFlags=0x0]
  2799. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\netutils.dll [avoiding WinVerifyTrust]
  2800. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f6090000 LB 0x00028000 C:\WINDOWS\SYSTEM32\SRVCLI.DLL [fFlags=0x0]
  2801. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\srvcli.dll [avoiding WinVerifyTrust]
  2802. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8b5f20000 LB 0x00588000 C:\Program Files\Oracle\VirtualBox\Qt6CoreVBox.dll [fFlags=0x0]
  2803. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fafc0000 LB 0x000f6000 C:\WINDOWS\SYSTEM32\dxgi.dll [fFlags=0x0]
  2804. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
  2805. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f8560000 LB 0x00263000 C:\WINDOWS\SYSTEM32\d3d11.dll [fFlags=0x0]
  2806. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll [avoiding WinVerifyTrust]
  2807. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ebcf0000 LB 0x0027f000 C:\WINDOWS\SYSTEM32\DWrite.dll [fFlags=0x0]
  2808. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\DWrite.dll [avoiding WinVerifyTrust]
  2809. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8c3630000 LB 0x00041000 C:\WINDOWS\SYSTEM32\MSVCP140_2.dll [fFlags=0x0]
  2810. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll [avoiding WinVerifyTrust]
  2811. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ad1e0000 LB 0x00773000 C:\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll [fFlags=0x0]
  2812. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  2813. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f9ca0000 LB 0x0002f000 C:\WINDOWS\SYSTEM32\dwmapi.dll [fFlags=0x0]
  2814. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
  2815. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f9ad0000 LB 0x0009e000 C:\WINDOWS\SYSTEM32\UxTheme.dll [fFlags=0x0]
  2816. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll [avoiding WinVerifyTrust]
  2817. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8acc10000 LB 0x005c1000 C:\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll [fFlags=0x0]
  2818. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  2819. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8c22f0000 LB 0x00047000 C:\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [fFlags=0x0]
  2820. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll [avoiding WinVerifyTrust]
  2821. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8c0980000 LB 0x0008b000 C:\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll [fFlags=0x0]
  2822. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6HelpVBox.dll
  2823. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8c5ee0000 LB 0x0004f000 C:\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll [fFlags=0x0]
  2824. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6StateMachineVBox.dll
  2825. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe2d0000 LB 0x000cd000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
  2826. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  2827. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ad960000 LB 0x01b40000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
  2828. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\UICommon.dll
  2829. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8c7110000 LB 0x00154000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
  2830. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
  2831. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
  2832. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
  2833. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\srvcli.dll'.
  2834. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\srvcli.dll' [rescheduled]
  2835. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netutils.dll'.
  2836. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netutils.dll' [rescheduled]
  2837. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2838. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2839. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\userenv.dll'.
  2840. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rescheduled]
  2841. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\authz.dll'.
  2842. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\authz.dll' [rescheduled]
  2843. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
  2844. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
  2845. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2846. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
  2847. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'.
  2848. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rescheduled]
  2849. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
  2850. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
  2851. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  2852. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
  2853. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'.
  2854. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DWrite.dll' [rescheduled]
  2855. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'.
  2856. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rescheduled]
  2857. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'.
  2858. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rescheduled]
  2859. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'.
  2860. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rescheduled]
  2861. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'.
  2862. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rescheduled]
  2863. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2864. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
  2865. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2866. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
  2867. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  2868. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
  2869. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2870. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
  2871. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2872. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
  2873. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
  2874. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
  2875. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
  2876. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2877. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2878. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
  2879. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2880. 26cc.3a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
  2881. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2882. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2883. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  2884. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  2885. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\win32u.dll [redoing WinVerifyTrust]
  2886. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2887. 26cc.3a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\win32u.dll
  2888. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2889. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2890. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2891. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2892. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
  2893. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2894. 26cc.3a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  2895. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  2896. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  2897. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
  2898. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  2899. 26cc.3a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  2900. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2901. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2902. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  2903. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe5b0000 LB 0x0002f000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
  2904. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
  2905. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe5b0000 'C:\WINDOWS\system32\IMM32.DLL'
  2906. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2907. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
  2908. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
  2909. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
  2910. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\srvcli.dll'.
  2911. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\srvcli.dll' [rescheduled]
  2912. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netutils.dll'.
  2913. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netutils.dll' [rescheduled]
  2914. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2915. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2916. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\userenv.dll'.
  2917. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rescheduled]
  2918. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\authz.dll'.
  2919. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\authz.dll' [rescheduled]
  2920. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
  2921. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
  2922. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2923. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
  2924. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'.
  2925. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rescheduled]
  2926. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
  2927. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
  2928. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  2929. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
  2930. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'.
  2931. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DWrite.dll' [rescheduled]
  2932. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'.
  2933. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rescheduled]
  2934. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'.
  2935. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rescheduled]
  2936. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'.
  2937. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rescheduled]
  2938. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'.
  2939. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rescheduled]
  2940. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2941. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
  2942. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2943. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
  2944. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  2945. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
  2946. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2947. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
  2948. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2949. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
  2950. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
  2951. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
  2952. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\srvcli.dll'.
  2953. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\srvcli.dll' [rescheduled]
  2954. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netutils.dll'.
  2955. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netutils.dll' [rescheduled]
  2956. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  2957. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  2958. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\userenv.dll'.
  2959. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rescheduled]
  2960. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\authz.dll'.
  2961. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\authz.dll' [rescheduled]
  2962. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
  2963. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
  2964. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  2965. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
  2966. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'.
  2967. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rescheduled]
  2968. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
  2969. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
  2970. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  2971. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
  2972. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'.
  2973. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DWrite.dll' [rescheduled]
  2974. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'.
  2975. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rescheduled]
  2976. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'.
  2977. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rescheduled]
  2978. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'.
  2979. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rescheduled]
  2980. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'.
  2981. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rescheduled]
  2982. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  2983. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
  2984. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2985. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
  2986. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  2987. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
  2988. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  2989. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
  2990. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
  2991. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  2992. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  2993. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe5e0000 'C:\WINDOWS\System32\gdi32.dll'
  2994. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
  2995. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
  2996. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'.
  2997. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll' [rescheduled]
  2998. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\srvcli.dll'.
  2999. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\srvcli.dll' [rescheduled]
  3000. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netutils.dll'.
  3001. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netutils.dll' [rescheduled]
  3002. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'.
  3003. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll' [rescheduled]
  3004. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\userenv.dll'.
  3005. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rescheduled]
  3006. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\authz.dll'.
  3007. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\authz.dll' [rescheduled]
  3008. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'.
  3009. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll' [rescheduled]
  3010. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\version.dll'.
  3011. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\version.dll' [rescheduled]
  3012. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'.
  3013. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rescheduled]
  3014. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'.
  3015. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll' [rescheduled]
  3016. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
  3017. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rescheduled]
  3018. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'.
  3019. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\DWrite.dll' [rescheduled]
  3020. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'.
  3021. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll' [rescheduled]
  3022. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'.
  3023. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rescheduled]
  3024. 26cc.3a0: Detected loader lock ownership: rc=22900 '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'.
  3025. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rescheduled]
  3026. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'.
  3027. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll' [rescheduled]
  3028. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\win32u.dll'.
  3029. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rescheduled]
  3030. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
  3031. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rescheduled]
  3032. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'.
  3033. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rescheduled]
  3034. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
  3035. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
  3036. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c7110000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
  3037. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3038. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3039. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll'
  3040. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3041. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3042. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32full.dll'
  3043. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3044. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3045. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\srvcli.dll'
  3046. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3047. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3048. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\netutils.dll'
  3049. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3050. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3051. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6SqlVBox.dll'
  3052. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3053. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3054. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\userenv.dll'
  3055. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000540 pwszName=\Device\HarddiskVolume4\Windows\System32\authz.dll
  3056. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3057. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3058. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE0C1599356C78E1996BBA0FF6F53619B298CA2E
  3059. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3060. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3061. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\authz.dll'
  3062. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3063. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\authz.dll'
  3064. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3065. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3066. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\netapi32.dll'
  3067. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3068. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3069. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\version.dll'
  3070. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3071. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3072. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\d3d11.dll'
  3073. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3074. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3075. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dxgi.dll'
  3076. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3077. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  3078. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3079. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3080. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
  3081. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume4\Windows\System32\DWrite.dll
  3082. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3083. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3084. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D15D1D7640D8F1BCCB5F5EA6305DDEC6EFEE936
  3085. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3086. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3087. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\DWrite.dll'
  3088. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3089. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\DWrite.dll'
  3090. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3091. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3092. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_2.dll'
  3093. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  3094. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3095. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3096. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3097. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
  3098. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  3099. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3100. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3101. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46F560EC7E69F2E5DFFEE7B57FD651A828BC50C7
  3102. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3103. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3104. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
  3105. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3106. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
  3107. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3108. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3109. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp140_1.dll'
  3110. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3111. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3112. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\win32u.dll'
  3113. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3114. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3115. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
  3116. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3117. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3118. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll'
  3119. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3120. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3121. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
  3122. 26cc.3a0: SUPR3HardenedMain: Calling TrustedMain (00007ff8c71119a0)...
  3123. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
  3124. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
  3125. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'wldp.dll'.
  3126. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\windows.storage.dll)
  3127. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
  3128. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3129. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'.
  3130. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wldp.dll)
  3131. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wldp.dll
  3132. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fbfe0000 LB 0x0002e000 C:\WINDOWS\SYSTEM32\Wldp.dll [fFlags=0x0]
  3133. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [avoiding WinVerifyTrust]
  3134. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fa6b0000 LB 0x007a4000 C:\WINDOWS\SYSTEM32\windows.storage.dll [fFlags=0x0]
  3135. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
  3136. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe3a0000 LB 0x000ad000 C:\WINDOWS\System32\SHCORE.dll [fFlags=0x0]
  3137. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3138. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'combase.dll'.
  3139. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
  3140. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  3141. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fd930000 LB 0x00055000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
  3142. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  3143. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
  3144. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  3145. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3146. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3147. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3148. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3149. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
  3150. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3151. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3152. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3153. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3154. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3155. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3156. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3157. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  3158. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldp.dll'...
  3159. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldp.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldp.dll' [rcNtRedir=0xc0150008]
  3160. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wldp.dll [lacks WinVerifyTrust]
  3161. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3162. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3163. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  3164. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3165. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3166. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
  3167. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3168. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3169. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'
  3170. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3171. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3172. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'
  3173. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3174. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3175. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wldp.dll'
  3176. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3177. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3178. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\windows.storage.dll'
  3179. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3180. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3181. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
  3182. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dwmapi.dll'.
  3183. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3184. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
  3185. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  3186. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  3187. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'.
  3188. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
  3189. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
  3190. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  3191. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'winmm.dll'.
  3192. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wtsapi32.dll'.
  3193. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'comdlg32.dll'.
  3194. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'd3d9.dll'.
  3195. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'qt6guivbox.dll'.
  3196. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'qt6corevbox.dll'.
  3197. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'msvcp140.dll'.
  3198. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'vcruntime140.dll'.
  3199. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'vcruntime140_1.dll'.
  3200. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll) WinVerifyTrust
  3201. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3202. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3203. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3204. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3205. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3206. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  3207. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  3208. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  3209. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  3210. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  3211. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  3212. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  3213. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d9.dll'...
  3214. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d9.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d9.dll' [rcNtRedir=0xc0150008]
  3215. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3216. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3217. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3218. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  3219. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
  3220. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
  3221. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'dwmapi.dll'.
  3222. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d3d9.dll) WinVerifyTrust
  3223. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d3d9.dll
  3224. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  3225. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  3226. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000704 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  3227. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3228. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3229. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F46DEE040A30078E2D55DFA41AC5167B169A91B2
  3230. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  3231. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  3232. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
  3233. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3234. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3235. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  3236. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  3237. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3238. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3239. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3240. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3241. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3242. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3243. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.5198.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
  3244. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3245. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3246. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
  3247. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  3248. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'shlwapi.dll'.
  3249. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'gdi32.dll'.
  3250. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'comctl32.dll'.
  3251. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'shell32.dll'.
  3252. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll) WinVerifyTrust
  3253. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  3254. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
  3255. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
  3256. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3257. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3258. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  3259. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  3260. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  3261. 26cc.3a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
  3262. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  3263. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3264. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3265. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
  3266. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
  3267. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3268. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3269. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3270. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3271. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  3272. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3273. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3274. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3275. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3276. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  3277. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3278. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3279. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3280. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3281. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3282. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3283. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3284. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3285. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3286. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3287. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3288. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3289. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wtsapi32.dll) WinVerifyTrust
  3290. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
  3291. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3292. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3293. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
  3294. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3295. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3296. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3297. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3298. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  3299. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3300. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3301. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  3302. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3303. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3304. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3305. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3306. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3307. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3308. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3309. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
  3310. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'cfgmgr32.dll'.
  3311. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'bcrypt.dll'.
  3312. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll) WinVerifyTrust
  3313. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  3314. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3315. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3316. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3317. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3318. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3319. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  3320. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  3321. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  3322. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
  3323. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3324. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3325. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  3326. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  3327. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
  3328. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3329. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3330. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3331. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  3332. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  3333. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  3334. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  3335. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  3336. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3337. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3338. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll) WinVerifyTrust
  3339. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
  3340. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3341. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3342. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3343. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3344. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3345. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3346. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
  3347. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  3348. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  3349. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3350. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll)
  3351. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll
  3352. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
  3353. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fca40000 LB 0x0004e000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
  3354. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
  3355. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fe740000 LB 0x0046e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
  3356. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  3357. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f76a0000 LB 0x00014000 C:\WINDOWS\SYSTEM32\WTSAPI32.dll [fFlags=0x0]
  3358. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wtsapi32.dll
  3359. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8da960000 LB 0x000b0000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\COMCTL32.dll [fFlags=0x0]
  3360. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll [avoiding WinVerifyTrust]
  3361. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fdde0000 LB 0x000da000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
  3362. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
  3363. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8b72c0000 LB 0x001d1000 C:\WINDOWS\SYSTEM32\d3d9.dll [fFlags=0x0]
  3364. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d9.dll
  3365. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8b5e50000 LB 0x000cd000 C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll [fFlags=0x0]
  3366. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll
  3367. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll'.
  3368. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll' [rescheduled]
  3369. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
  3370. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
  3371. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
  3372. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3373. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3374. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
  3375. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3376. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3377. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
  3378. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3379. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3380. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3381. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3382. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe5b0000 'C:\WINDOWS\System32\imm32.dll'
  3383. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll'.
  3384. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll' [rescheduled]
  3385. 26cc.3a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
  3386. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
  3387. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b5e50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindowsVBox.dll'
  3388. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3389. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3390. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.4355_none_792ecafd2442822f\comctl32.dll'
  3391. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3392. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3393. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'
  3394. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  3395. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3396. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9ad0000 'C:\WINDOWS\system32\uxtheme.dll'
  3397. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  3398. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)
  3399. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
  3400. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fbbe0000 LB 0x0004b000 C:\WINDOWS\SYSTEM32\powrprof.dll [fFlags=0x0]
  3401. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
  3402. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\umpdc.dll)
  3403. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\umpdc.dll
  3404. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fba50000 LB 0x00012000 C:\WINDOWS\SYSTEM32\UMPDC.dll [fFlags=0x0]
  3405. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
  3406. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fd990000 LB 0x00115000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
  3407. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3408. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
  3409. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
  3410. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
  3411. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'imm32.dll'.
  3412. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
  3413. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
  3414. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'cfgmgr32.dll'.
  3415. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
  3416. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
  3417. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fc160000 LB 0x00033000 C:\WINDOWS\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
  3418. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
  3419. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  3420. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  3421. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
  3422. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  3423. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  3424. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
  3425. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3426. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3427. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3428. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3429. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3430. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3431. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3432. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3433. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3434. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3435. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3436. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3437. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3438. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
  3439. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3440. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3441. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll'
  3442. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3443. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3444. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\umpdc.dll'
  3445. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3446. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3447. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\powrprof.dll'
  3448. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3449. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3450. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  3451. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  3452. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'uxtheme.dll'.
  3453. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt6widgetsvbox.dll'.
  3454. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt6guivbox.dll'.
  3455. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt6corevbox.dll'.
  3456. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'vcruntime140.dll'.
  3457. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'vcruntime140_1.dll'.
  3458. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll) WinVerifyTrust
  3459. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3460. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3461. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3462. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3463. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3464. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6corevbox.dll'...
  3465. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6corevbox.dll' [rcNtRedir=0xc0150008]
  3466. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6guivbox.dll'...
  3467. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6guivbox.dll' [rcNtRedir=0xc0150008]
  3468. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6GuiVBox.dll
  3469. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt6widgetsvbox.dll'...
  3470. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt6widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt6widgetsvbox.dll' [rcNtRedir=0xc0150008]
  3471. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt6WidgetsVBox.dll
  3472. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
  3473. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
  3474. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  3475. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3476. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3477. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3478. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3479. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3480. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3481. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ed8d0000 LB 0x00025000 C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll [fFlags=0x0]
  3482. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll
  3483. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ed8d0000 'C:\Program Files\Oracle\VirtualBox\styles\qwindowsvistastyleVBox.dll'
  3484. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
  3485. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3486. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f9ad0000 'C:\WINDOWS\System32\uxtheme.dll'
  3487. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3488. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3489. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3490. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
  3491. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'user32.dll'.
  3492. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll) WinVerifyTrust
  3493. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll
  3494. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3495. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3496. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3497. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3498. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3499. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3500. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
  3501. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll
  3502. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8e0db0000 LB 0x0029a000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll [fFlags=0x0]
  3503. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll
  3504. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e0db0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll'
  3505. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll
  3506. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
  3507. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e0db0000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16\comctl32.dll'
  3508. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3509. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
  3510. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  3511. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'bcrypt.dll'.
  3512. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll)
  3513. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll
  3514. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f9890000 LB 0x001b4000 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
  3515. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
  3516. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fdb80000 LB 0x000a9000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
  3517. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3518. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
  3519. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
  3520. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
  3521. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3522. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3523. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3524. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3525. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  3526. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  3527. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  3528. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3529. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3530. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3531. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3532. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3533. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3534. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3535. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3536. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3537. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
  3538. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3539. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3540. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WindowsCodecs.dll'
  3541. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3542. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3543. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shcore.dll'.
  3544. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  3545. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\thumbcache.dll) WinVerifyTrust
  3546. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
  3547. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3548. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3549. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
  3550. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
  3551. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  3552. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3553. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
  3554. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8eccb0000 LB 0x00066000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
  3555. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\thumbcache.dll
  3556. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8eccb0000 'C:\Windows\System32\thumbcache.dll'
  3557. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3558. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3559. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3560. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  3561. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  3562. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  3563. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
  3564. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
  3565. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
  3566. 26cc.34c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
  3567. 26cc.34c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  3568. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3569. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3570. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3571. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3572. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3573. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  3574. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3575. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3576. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3577. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3578. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3579. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  3580. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  3581. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3582. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3583. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3584. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3585. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3586. 26cc.34c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  3587. 26cc.34c0: supR3HardenedDllNotificationCallback: load 00007ff8ac810000 LB 0x003f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
  3588. 26cc.34c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  3589. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ac810000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
  3590. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3591. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3592. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3593. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  3594. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
  3595. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
  3596. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
  3597. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
  3598. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  3599. 26cc.34c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
  3600. 26cc.34c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3601. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3602. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3603. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3604. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3605. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  3606. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3607. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3608. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  3609. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  3610. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  3611. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  3612. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3613. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3614. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  3615. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3616. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3617. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3618. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3619. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3620. 26cc.34c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3621. 26cc.34c0: supR3HardenedDllNotificationCallback: load 00007ff8d3c50000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
  3622. 26cc.34c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
  3623. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d3c50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
  3624. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008a8 pwszName=\Device\HarddiskVolume4\Windows\System32\msiltcfg.dll
  3625. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3626. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3627. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D450AA7AEB704C8D3858C7AA7786AA356C16B97
  3628. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3629. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3630. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.5247.cat'; file='\Device\HarddiskVolume4\Windows\System32\msiltcfg.dll'
  3631. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3632. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3633. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  3634. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
  3635. 26cc.34c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msiltcfg.dll) WinVerifyTrust
  3636. 26cc.34c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll
  3637. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
  3638. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume4\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
  3639. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
  3640. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3641. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3642. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3643. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3644. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  3645. 26cc.34c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll
  3646. 26cc.34c0: supR3HardenedDllNotificationCallback: load 00007ff8ea7c0000 LB 0x0000a000 C:\WINDOWS\System32\msiltcfg.dll [fFlags=0x0]
  3647. 26cc.34c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll
  3648. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea7c0000 'C:\WINDOWS\System32\msiltcfg.dll'
  3649. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fedf0000 'C:\WINDOWS\System32\user32.dll'
  3650. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008d0 pwszName=\Device\HarddiskVolume4\Windows\System32\msi.dll
  3651. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3652. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3653. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66BE8202A34C590011AF8A90013811F3572AF977
  3654. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3655. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3656. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0312~31bf3856ad364e35~amd64~~10.0.19041.5247.cat'; file='\Device\HarddiskVolume4\Windows\System32\msi.dll'
  3657. 26cc.34c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3658. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3659. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  3660. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3661. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
  3662. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  3663. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  3664. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
  3665. 26cc.34c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'bcrypt.dll'.
  3666. 26cc.34c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msi.dll) WinVerifyTrust
  3667. 26cc.34c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msi.dll
  3668. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  3669. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  3670. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  3671. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3672. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3673. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3674. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3675. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3676. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3677. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  3678. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  3679. 26cc.34c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  3680. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3681. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3682. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3683. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3684. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3685. 26cc.34c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3686. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msi.dll (Input=msi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3687. 26cc.34c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msi.dll
  3688. 26cc.34c0: supR3HardenedDllNotificationCallback: load 00007ff8e6700000 LB 0x0033b000 C:\WINDOWS\System32\msi.dll [fFlags=0x0]
  3689. 26cc.34c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msi.dll
  3690. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e6700000 'C:\WINDOWS\System32\msi.dll'
  3691. 26cc.34c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msiltcfg.dll
  3692. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3693. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea7c0000 'C:\WINDOWS\System32\msiltcfg.dll'
  3694. 26cc.34c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe2d0000 'C:\WINDOWS\system32\oleaut32.dll'
  3695. 26cc.3a0: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
  3696. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
  3697. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
  3698. 26cc.3a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000098c (hFile=0000000000000984) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3699. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
  3700. 26cc.3a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000984 (hFile=000000000000098c) with 0xc0000022 -> STATUS_TRUST_FAILURE
  3701. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000988 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
  3702. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3703. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3704. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ED2E27393B53A7AF8214786465A56463C5BE0EAC
  3705. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3706. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3707. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
  3708. 26cc.1270: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3709. 26cc.1270: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
  3710. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3711. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3712. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3713. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3714. 26cc.1270: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Owner is administrators group.
  3715. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3716. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3717. 26cc.1270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  3718. 26cc.1270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  3719. 26cc.1270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
  3720. 26cc.1270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  3721. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3722. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3723. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3724. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3725. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3726. 26cc.1270: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  3727. 26cc.1270: supR3HardenedDllNotificationCallback: load 00007ff8ec160000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
  3728. 26cc.1270: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  3729. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec160000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
  3730. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3731. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3732. 26cc.1270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  3733. 26cc.1270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  3734. 26cc.1270: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  3735. 26cc.1270: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
  3736. 26cc.1270: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3737. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  3738. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  3739. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  3740. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  3741. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  3742. 26cc.1270: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  3743. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3744. 26cc.1270: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3745. 26cc.1270: supR3HardenedDllNotificationCallback: load 00007ff8bcf20000 LB 0x0057c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
  3746. 26cc.1270: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
  3747. 26cc.1270: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bcf20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
  3748. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe2d0000 'C:\Windows\System32\oleaut32.dll'
  3749. 26cc.3a0: \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll: Owner is administrators group.
  3750. 26cc.3a0: \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll: Signature #1/2: info status: 24202
  3751. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3752. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8da920000 'C:\WINDOWS\System32\cryptnet.dll'
  3753. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3754. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
  3755. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  3756. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3757. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  3758. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
  3759. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  3760. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\igdumdim64.dll) WinVerifyTrust
  3761. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll
  3762. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3763. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3764. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  3765. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  3766. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  3767. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3768. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3769. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3770. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3771. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3772. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3773. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3774. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3775. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\igdumdim64.dll (Input=igdumdim64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3776. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll
  3777. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8b3840000 LB 0x0253a000 C:\WINDOWS\System32\igdumdim64.dll [fFlags=0x0]
  3778. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll
  3779. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3840000 'C:\WINDOWS\System32\igdumdim64.dll'
  3780. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\igdumdim64.dll
  3781. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\igdumdim64.dll (Input=igdumdim64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3782. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b3840000 'C:\WINDOWS\System32\igdumdim64.dll'
  3783. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe5e0000 'C:\WINDOWS\System32\gdi32.dll'
  3784. 26cc.3a0: supR3HardenedDllNotificationCallback: Unload 00007ff8b3840000 LB 0x0253a000 C:\WINDOWS\System32\igdumdim64.dll [flags=0x0]
  3785. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume4\Windows\System32\DataExchange.dll
  3786. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3787. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3788. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ACD8A296E7ACE4439DCEAD95C171746D3A7D8D4C
  3789. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3790. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3791. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.5198.cat'; file='\Device\HarddiskVolume4\Windows\System32\DataExchange.dll'
  3792. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3793. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3794. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
  3795. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
  3796. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\DataExchange.dll) WinVerifyTrust
  3797. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
  3798. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
  3799. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume4\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
  3800. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3801. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3802. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
  3803. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
  3804. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dcomp.dll) WinVerifyTrust
  3805. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dcomp.dll
  3806. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
  3807. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume4\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
  3808. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d3d11.dll
  3809. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3810. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3811. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3812. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3813. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  3814. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
  3815. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
  3816. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3817. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
  3818. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
  3819. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f8da0000 LB 0x001e4000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
  3820. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dcomp.dll
  3821. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f1d50000 LB 0x0003e000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
  3822. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\DataExchange.dll
  3823. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1d50000 'C:\WINDOWS\system32\dataexchange.dll'
  3824. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
  3825. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'combase.dll'.
  3826. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'msvcp_win.dll'.
  3827. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll)
  3828. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll
  3829. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f50f0000 LB 0x00203000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
  3830. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
  3831. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  3832. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  3833. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  3834. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3835. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3836. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
  3837. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3838. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3839. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3840. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3841. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\twinapi.appcore.dll'
  3842. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  3843. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shcore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  3844. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe3a0000 'C:\WINDOWS\system32\Shcore.dll'
  3845. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3846. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
  3847. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  3848. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'coreuicomponents.dll'.
  3849. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'coremessaging.dll'.
  3850. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll)
  3851. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll
  3852. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3853. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
  3854. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'rpcrt4.dll'.
  3855. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
  3856. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll)
  3857. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll
  3858. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3859. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'ws2_32.dll'.
  3860. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll)
  3861. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll
  3862. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntmarta.dll)
  3863. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntmarta.dll
  3864. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
  3865. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
  3866. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcryptprimitives.dll'.
  3867. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinTypes.dll)
  3868. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinTypes.dll
  3869. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8fb8e0000 LB 0x00033000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
  3870. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
  3871. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f7e50000 LB 0x000f2000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
  3872. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
  3873. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f76c0000 LB 0x00157000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
  3874. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
  3875. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f7820000 LB 0x0035b000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
  3876. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
  3877. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f0660000 LB 0x000f9000 C:\WINDOWS\SYSTEM32\textinputframework.dll [fFlags=0x0]
  3878. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
  3879. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  3880. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  3881. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
  3882. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3883. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3884. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
  3885. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
  3886. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll
  3887. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3888. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3889. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  3890. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3891. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3892. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
  3893. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
  3894. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  3895. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3896. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3897. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
  3898. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
  3899. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
  3900. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3901. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3902. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
  3903. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume4\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
  3904. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
  3905. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
  3906. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume4\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
  3907. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
  3908. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3909. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3910. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3911. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3912. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3913. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3914. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3915. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3916. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\WinTypes.dll'
  3917. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3918. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3919. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntmarta.dll'
  3920. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3921. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3922. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreMessaging.dll'
  3923. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3924. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3925. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\CoreUIComponents.dll'
  3926. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3927. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3928. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\TextInputFramework.dll'
  3929. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe610000 'C:\WINDOWS\System32\ole32.dll'
  3930. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe2d0000 'C:\WINDOWS\System32\OLEAUT32.dll'
  3931. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee8 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  3932. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3933. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3934. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDE779C324B1B2E91238C2A86E13264284D56B8
  3935. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3936. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3937. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
  3938. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3939. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3940. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  3941. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
  3942. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
  3943. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  3944. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  3945. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  3946. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  3947. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3948. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3949. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06C20E7BC3E9597C13106014E3B43BA539218431
  3950. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3951. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3952. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
  3953. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3954. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3955. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll) WinVerifyTrust
  3956. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  3957. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3958. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3959. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  3960. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3961. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3962. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3963. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3964. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  3965. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3966. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  3967. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  3968. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f5840000 LB 0x00090000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
  3969. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  3970. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f2d70000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
  3971. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
  3972. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
  3973. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3974. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
  3975. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f2d70000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
  3976. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  3977. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  3978. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  3979. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86AB79F51B3C103952EF93FB96F82884D552BCBD
  3980. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  3981. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  3982. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
  3983. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3984. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3985. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
  3986. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
  3987. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  3988. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3989. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3990. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3991. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3992. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  3993. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  3994. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f1f00000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
  3995. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
  3996. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f1f00000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
  3997. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
  3998. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  3999. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-localization-l1-2-0.dll'
  4000. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
  4001. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4002. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
  4003. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d58 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  4004. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4005. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4006. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AB97693F92EFCE2E11FCE472A53A6E138A867FDB
  4007. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4008. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4009. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
  4010. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4011. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4012. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
  4013. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
  4014. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  4015. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  4016. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  4017. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
  4018. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4019. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4020. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4021. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  4022. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f2570000 LB 0x0010c000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
  4023. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
  4024. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f2570000 'C:\WINDOWS\system32\wbem\fastprox.dll'
  4025. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef4 pwszName=\Device\HarddiskVolume4\Windows\System32\amsi.dll
  4026. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4027. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4028. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=759C41732AEF7C0FEF4EB5854E70672674DBA3BB
  4029. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4030. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4031. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\amsi.dll'
  4032. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4033. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4034. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
  4035. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\amsi.dll) WinVerifyTrust
  4036. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\amsi.dll
  4037. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4038. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4039. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4040. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4041. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4042. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
  4043. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ef820000 LB 0x0001f000 C:\WINDOWS\System32\amsi.dll [fFlags=0x0]
  4044. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\amsi.dll
  4045. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ef820000 'C:\WINDOWS\System32\amsi.dll'
  4046. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4047. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4048. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
  4049. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
  4050. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
  4051. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOAV.dll) WinVerifyTrust
  4052. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOAV.dll
  4053. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  4054. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  4055. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4056. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4057. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4058. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4059. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOav.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4060. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOAV.dll
  4061. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ef790000 LB 0x00083000 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOav.dll [fFlags=0x0]
  4062. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOAV.dll
  4063. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
  4064. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4065. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcbc0000 'api-ms-win-core-synch-l1-2-0'
  4066. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  4067. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4068. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'C:\WINDOWS\System32\kernel32.dll'
  4069. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\version.dll
  4070. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4071. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fa470000 'C:\WINDOWS\system32\version.dll'
  4072. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ef790000 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpOav.dll'
  4073. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd010000 'C:\WINDOWS\System32\ADVAPI32.dll'
  4074. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe610000 'C:\WINDOWS\system32\ole32.dll'
  4075. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc0 pwszName=\Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll
  4076. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4077. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4078. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D04F7C8A9BA8FC5360E7230E177750D3142B6861
  4079. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4080. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4081. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4082. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.5198.cat'; file='\Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll'
  4083. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4084. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  4085. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shcore.dll'.
  4086. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
  4087. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
  4088. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
  4089. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'advapi32.dll'.
  4090. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'imm32.dll'.
  4091. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
  4092. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'gdi32.dll'.
  4093. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'd2d1.dll'.
  4094. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll) WinVerifyTrust
  4095. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll
  4096. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
  4097. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume4\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
  4098. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4099. 26cc.908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4100. 26cc.908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4101. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4102. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4103. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4104. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4105. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  4106. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
  4107. 26cc.908: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
  4108. 26cc.908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
  4109. 26cc.908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4110. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4111. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4112. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  4113. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  4114. 26cc.908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  4115. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4116. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4117. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4118. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4119. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4120. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4121. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4122. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4123. 26cc.908: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll
  4124. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4125. 26cc.908: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4126. 26cc.908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4127. 26cc.908: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4128. 26cc.908: supR3HardenedDllNotificationCallback: load 00007ff8ec0e0000 LB 0x00021000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
  4129. 26cc.908: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
  4130. 26cc.908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec0e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
  4131. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4132. 26cc.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4133. 26cc.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4134. 26cc.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4135. 26cc.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4136. 26cc.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4137. 26cc.3360: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4138. 26cc.3360: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
  4139. 26cc.3360: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4140. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4141. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4142. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4143. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4144. 26cc.3360: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp140.dll
  4145. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4146. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4147. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4148. 26cc.3360: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4149. 26cc.3360: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4150. 26cc.3360: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4151. 26cc.3360: supR3HardenedDllNotificationCallback: load 00007ff8ec140000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
  4152. 26cc.3360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
  4153. 26cc.3360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec140000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
  4154. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
  4155. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4156. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd140000 'C:\WINDOWS\system32\Shell32.dll'
  4157. 26cc.3744: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Owner is administrators group.
  4158. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4159. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4160. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4161. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4162. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  4163. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
  4164. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
  4165. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'oleaut32.dll'.
  4166. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
  4167. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4168. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  4169. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  4170. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4171. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4172. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4173. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4174. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4175. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4176. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4177. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4178. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4179. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4180. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4181. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4182. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8d8250000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  4183. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4184. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8250000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
  4185. 26cc.3744: supR3HardenedDllNotificationCallback: Unload 00007ff8d8250000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
  4186. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001250 pwszName=\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
  4187. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4188. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4189. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4190. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=972AE3F7E63FDEAE0C93FEE56E88645DCCB3EC23
  4191. 26cc.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  4192. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  4193. 26cc.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\d2d1.dll) WinVerifyTrust
  4194. 26cc.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\d2d1.dll
  4195. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  4196. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  4197. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4198. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  4199. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4200. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4201. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  4202. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  4203. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll
  4204. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4205. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4206. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4207. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4208. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  4209. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  4210. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
  4211. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  4212. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  4213. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
  4214. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume4\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
  4215. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll
  4216. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  4217. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  4218. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  4219. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\explorerframe.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4220. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll
  4221. 26cc.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
  4222. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4223. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8f87d0000 LB 0x005c0000 C:\WINDOWS\system32\d2d1.dll [fFlags=0x0]
  4224. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\d2d1.dll
  4225. 26cc.3a0: supR3HardenedDllNotificationCallback: load 00007ff8ef3a0000 LB 0x00257000 C:\WINDOWS\system32\explorerframe.dll [fFlags=0x0]
  4226. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ExplorerFrame.dll
  4227. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ef3a0000 'C:\WINDOWS\system32\explorerframe.dll'
  4228. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.5247.cat'; file='\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll'
  4229. 26cc.3744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4230. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
  4231. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
  4232. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
  4233. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
  4234. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume4\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
  4235. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4236. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4237. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\vid.dll) WinVerifyTrust
  4238. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\vid.dll
  4239. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4240. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
  4241. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
  4242. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8f5b20000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\vid.dll [fFlags=0x0]
  4243. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
  4244. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8e7590000 LB 0x00026000 C:\WINDOWS\system32\WinHvPlatform.dll [fFlags=0x0]
  4245. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\WinHvPlatform.dll
  4246. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e7590000 'C:\WINDOWS\system32\WinHvPlatform.dll'
  4247. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vid.dll
  4248. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4249. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f5b20000 'C:\WINDOWS\system32\vid.dll'
  4250. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4251. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4252. 26cc.3744: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  4253. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) WinVerifyTrust
  4254. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  4255. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4256. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feff0000 'C:\WINDOWS\system32\NTDLL.DLL'
  4257. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4258. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  4259. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4260. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4261. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4262. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4263. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4264. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4265. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  4266. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
  4267. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
  4268. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  4269. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  4270. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
  4271. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
  4272. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
  4273. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
  4274. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4275. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
  4276. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
  4277. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4278. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4279. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
  4280. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  4281. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  4282. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  4283. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
  4284. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  4285. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  4286. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  4287. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  4288. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  4289. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  4290. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4291. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4292. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
  4293. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
  4294. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  4295. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4296. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4297. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4298. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  4299. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
  4300. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
  4301. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4302. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
  4303. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
  4304. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4305. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4306. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4307. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4308. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4309. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4310. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4311. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4312. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  4313. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
  4314. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
  4315. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
  4316. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4317. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4318. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4319. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4320. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4321. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4322. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4323. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  4324. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  4325. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  4326. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  4327. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
  4328. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  4329. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  4330. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4331. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4332. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4333. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4334. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4335. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4336. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4337. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4338. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  4339. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8d4100000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
  4340. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
  4341. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8b7d00000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
  4342. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4343. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8fba70000 LB 0x0003b000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
  4344. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
  4345. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8bc4f0000 LB 0x00a2c000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
  4346. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
  4347. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bc4f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
  4348. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4349. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4350. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4351. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4352. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4353. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8d8250000 LB 0x00081000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  4354. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  4355. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8d8250000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
  4356. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4357. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4358. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
  4359. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4360. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ac810000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
  4361. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4362. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4363. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
  4364. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4365. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8b7d00000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
  4366. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4367. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4368. 26cc.3744: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Owner is administrators group.
  4369. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4370. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4371. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4372. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4373. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
  4374. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  4375. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4376. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4377. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4378. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4379. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4380. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  4381. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8ec0c0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
  4382. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  4383. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec0c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
  4384. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4385. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4386. 26cc.3744: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Owner is administrators group.
  4387. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4388. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4389. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4390. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4391. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
  4392. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  4393. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4394. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4395. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4396. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4397. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4398. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  4399. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8eaa30000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
  4400. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  4401. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8eaa30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
  4402. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4403. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4404. 26cc.3744: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Owner is administrators group.
  4405. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4406. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4407. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4408. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4409. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
  4410. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  4411. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4412. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4413. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4414. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4415. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4416. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  4417. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8ea990000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
  4418. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  4419. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
  4420. 26cc.2fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4421. 26cc.2fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4422. 26cc.2fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4423. 26cc.2fa0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4424. 26cc.2fa0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
  4425. 26cc.2fa0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4426. 26cc.2fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4427. 26cc.2fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4428. 26cc.2fa0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4429. 26cc.2fa0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4430. 26cc.2fa0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\vcruntime140.dll
  4431. 26cc.2fa0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4432. 26cc.2fa0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4433. 26cc.2fa0: supR3HardenedDllNotificationCallback: load 00007ff8e8420000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
  4434. 26cc.2fa0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
  4435. 26cc.2fa0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e8420000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
  4436. 26cc.30d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4437. 26cc.30d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4438. 26cc.30d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4439. 26cc.30d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4440. 26cc.30d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4441. 26cc.30d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4442. 26cc.30d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
  4443. 26cc.30d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4444. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4445. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4446. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4447. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4448. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4449. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4450. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4451. 26cc.30d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4452. 26cc.30d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4453. 26cc.30d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4454. 26cc.30d0: supR3HardenedDllNotificationCallback: load 00007ff8ea690000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
  4455. 26cc.30d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
  4456. 26cc.30d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea690000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
  4457. 26cc.1bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4458. 26cc.1bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4459. 26cc.1bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4460. 26cc.1bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
  4461. 26cc.1bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
  4462. 26cc.1bc0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
  4463. 26cc.1bc0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
  4464. 26cc.1bc0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4465. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4466. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4467. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
  4468. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
  4469. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
  4470. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
  4471. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4472. 26cc.1bc0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4473. 26cc.1bc0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4474. 26cc.1bc0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4475. 26cc.1bc0: supR3HardenedDllNotificationCallback: load 00007ff8e83d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
  4476. 26cc.1bc0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
  4477. 26cc.1bc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e83d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
  4478. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4479. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4480. 26cc.3744: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Owner is administrators group.
  4481. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4482. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4483. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
  4484. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  4485. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
  4486. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  4487. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  4488. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
  4489. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
  4490. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume4\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
  4491. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4492. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  4493. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8eca70000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
  4494. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  4495. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8eca70000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
  4496. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4497. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4498. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  4499. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
  4500. 26cc.3744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'devobj.dll'.
  4501. 26cc.3744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll) WinVerifyTrust
  4502. 26cc.3744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  4503. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  4504. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  4505. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll
  4506. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4507. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4508. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  4509. 26cc.3744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  4510. 26cc.3744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
  4511. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
  4512. 26cc.3744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  4513. 26cc.3744: supR3HardenedDllNotificationCallback: load 00007ff8f28d0000 LB 0x00085000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
  4514. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  4515. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f28d0000 'C:\WINDOWS\System32\MMDevApi.dll'
  4516. 26cc.3744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  4517. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4518. 26cc.3744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f28d0000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
  4519. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll
  4520. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
  4521. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fd990000 'C:\WINDOWS\System32\MSCTF.dll'
  4522. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4523. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  4524. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4525. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc7f0000 'C:\WINDOWS\System32\WINTRUST.DLL'
  4526. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\CRYPT32.dll'
  4527. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4528. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
  4529. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
  4530. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll) WinVerifyTrust
  4531. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
  4532. 26cc.2fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4533. 26cc.2fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4534. 26cc.2fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  4535. 26cc.2fd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  4536. 26cc.2fd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  4537. 26cc.2fd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
  4538. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4539. 26cc.2fd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
  4540. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8fbdc0000 LB 0x0006a000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
  4541. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
  4542. 26cc.2fd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fbdc0000 'C:\WINDOWS\system32\mswsock.dll'
  4543. 26cc.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4544. 26cc.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4545. 26cc.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
  4546. 26cc.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
  4547. 26cc.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
  4548. 26cc.1354: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'mmdevapi.dll'.
  4549. 26cc.1354: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll) WinVerifyTrust
  4550. 26cc.1354: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  4551. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  4552. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  4553. 26cc.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
  4554. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  4555. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  4556. 26cc.1354: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
  4557. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4558. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4559. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
  4560. 26cc.1354: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
  4561. 26cc.1354: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4562. 26cc.1354: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  4563. 26cc.1354: supR3HardenedDllNotificationCallback: load 00007ff8f0450000 LB 0x00181000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
  4564. 26cc.1354: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
  4565. 26cc.1354: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8f0450000 'C:\WINDOWS\System32\AUDIOSES.DLL'
  4566. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
  4567. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
  4568. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8fbac0000 LB 0x000ca000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
  4569. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
  4570. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8febb0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
  4571. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
  4572. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
  4573. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  4574. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
  4575. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
  4576. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8f6240000 LB 0x00017000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
  4577. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
  4578. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  4579. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
  4580. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
  4581. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8f68d0000 LB 0x0001d000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
  4582. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
  4583. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  4584. 26cc.2fd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
  4585. 26cc.2fd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
  4586. 26cc.2fd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
  4587. 26cc.2fd4: supR3HardenedDllNotificationCallback: load 00007ff8f6fc0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
  4588. 26cc.2fd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
  4589. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  4590. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  4591. 26cc.3a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
  4592. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4593. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4594. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4595. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4596. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  4597. 26cc.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  4598. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4599. 26cc.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  4600. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4601. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc7f0000 'C:\WINDOWS\System32\WINTRUST.DLL'
  4602. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\CRYPT32.dll'
  4603. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4604. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
  4605. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f44 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
  4606. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4607. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4608. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=740E2B1196D9F01AD376694D1055FFD45F803926
  4609. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4610. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4611. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
  4612. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4613. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
  4614. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012bc pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
  4615. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000001b19e096400
  4616. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001b19e096400
  4617. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A56431C69FDD081884ADAA1F10C80307CE8E2412
  4618. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4619. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4620. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.5131.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
  4621. 26cc.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  4622. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
  4623. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4624. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4625. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll'
  4626. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fb690000 'C:\WINDOWS\system32\rsaenh.dll'
  4627. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fc690000 'C:\WINDOWS\System32\crypt32.dll'
  4628. 26cc.3a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll'
  4629. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
  4630. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4631. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fedf0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
  4632. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
  4633. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4634. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fedf0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
  4635. 26cc.3a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
  4636. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4637. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdf60000 'api-ms-win-core-com-l1-1-0.dll'
  4638. 26cc.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe610000 'C:\WINDOWS\system32\ole32.dll'
  4639. 26cc.2a14: KiUserExceptionDispatcher: 0xc0000005 (0000000000000000, 000001b2bc6f6001) @ 00007ff8ac83fe30 (flags=0x0)
  4640. rax=000000000011485b rbx=00000000000e485b rcx=0000000000000080 rdx=0000000000000000
  4641. rsi=0000000000092400 rdi=000001b2bc6f6002 r8 =00000000000e4800 r9 =0000000000000000
  4642. r10=0000000000000000 r11=0000000000000000 r12=000001b2bc0b3048 r13=0000000000000260
  4643. r14=0000000000030000 r15=0000000000000004 P1=000001b1a2c63040 P2=000001b1a2c7fbc5
  4644. rip=00007ff8ac83fe30 rsp=000000056aeff9e0 rbp=00000000000000b8 ctxflags=0010005f
  4645. cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010206 mxcrx=00001fa0
  4646. P3=000001b1a2c63040 P4=00007ff8ac9e3870 P5=0000000000000001 P6=000000056aeff3a0
  4647. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  4648. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000010 dcr=0000000000000000
  4649. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
  4650. 26cc.2a14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
  4651. 26cc.2a14: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  4652. 26cc.2a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fdab0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
  4653. 26cc.2a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  4654. 26cc.2a14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  4655. 26cc.2a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8feff0000 'C:\WINDOWS\System32\ntdll.dll'
  4656. 2d2c.3588: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 929482 ms, the end);
  4657. cf8.22f4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 930740 ms, the end);
  4658.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!