seppdroid/tiny10-bimmertools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
70d7fda865833738f3d68ce1c3c2022923fad72e
tiny10-bimmertools/bimmertools/Logs/VBoxHardening.log
Sepp Jeremiah Morris 70d7fda865 upload
2024-11-18 22:59:17 +01:00

4567 lines
406 KiB
Plaintext
Raw Blame History

7758.3dfc: \SystemRoot\System32\ntdll.dll:
7758.3dfc: CreationTime: 2024-10-12T16:13:13.337096100Z
7758.3dfc: LastWriteTime: 2024-10-12T16:13:13.368170000Z
7758.3dfc: ChangeTime: 2024-10-15T19:50:08.320152600Z
7758.3dfc: FileAttributes: 0x20
7758.3dfc: Size: 0x216090
7758.3dfc: NT Headers: 0xe8
7758.3dfc: Timestamp: 0xf9f266e7
7758.3dfc: Machine: 0x8664 - amd64
7758.3dfc: Timestamp: 0xf9f266e7
7758.3dfc: Image Version: 10.0
7758.3dfc: SizeOfImage: 0x217000 (2191360)
7758.3dfc: Resource Dir: 0x1a0000 LB 0x759a8
7758.3dfc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7758.3dfc: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7758.3dfc: ProductName: Microsoft® Windows® Operating System
7758.3dfc: ProductVersion: 10.0.22621.4317
7758.3dfc: FileVersion: 10.0.22621.4317 (WinBuild.160101.0800)
7758.3dfc: FileDescription: NT Layer DLL
7758.3dfc: \SystemRoot\System32\kernel32.dll:
7758.3dfc: CreationTime: 2024-08-18T11:45:46.245614200Z
7758.3dfc: LastWriteTime: 2024-08-18T11:45:46.259376700Z
7758.3dfc: ChangeTime: 2024-10-12T16:14:17.580433400Z
7758.3dfc: FileAttributes: 0x20
7758.3dfc: Size: 0xc7168
7758.3dfc: NT Headers: 0xe8
7758.3dfc: Timestamp: 0xa9f358b9
7758.3dfc: Machine: 0x8664 - amd64
7758.3dfc: Timestamp: 0xa9f358b9
7758.3dfc: Image Version: 10.0
7758.3dfc: SizeOfImage: 0xc4000 (802816)
7758.3dfc: Resource Dir: 0xc2000 LB 0x520
7758.3dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7758.3dfc: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7758.3dfc: ProductName: Microsoft® Windows® Operating System
7758.3dfc: ProductVersion: 10.0.22621.3958
7758.3dfc: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
7758.3dfc: FileDescription: Windows NT BASE API Client DLL
7758.3dfc: \SystemRoot\System32\KernelBase.dll:
7758.3dfc: CreationTime: 2024-10-12T16:13:13.874348200Z
7758.3dfc: LastWriteTime: 2024-10-12T16:13:13.976987600Z
7758.3dfc: ChangeTime: 2024-10-15T19:50:07.879884900Z
7758.3dfc: FileAttributes: 0x20
7758.3dfc: Size: 0x3bdba0
7758.3dfc: NT Headers: 0xf8
7758.3dfc: Timestamp: 0xcf64c6a
7758.3dfc: Machine: 0x8664 - amd64
7758.3dfc: Timestamp: 0xcf64c6a
7758.3dfc: Image Version: 10.0
7758.3dfc: SizeOfImage: 0x3b7000 (3895296)
7758.3dfc: Resource Dir: 0x386000 LB 0x548
7758.3dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7758.3dfc: [Raw version resource data: 0x3860b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7758.3dfc: ProductName: Microsoft® Windows® Operating System
7758.3dfc: ProductVersion: 10.0.22621.4249
7758.3dfc: FileVersion: 10.0.22621.4249 (WinBuild.160101.0800)
7758.3dfc: FileDescription: Windows NT BASE API Client DLL
7758.3dfc: \SystemRoot\System32\apisetschema.dll:
7758.3dfc: CreationTime: 2024-08-18T11:45:33.363168100Z
7758.3dfc: LastWriteTime: 2024-08-18T11:45:33.366168300Z
7758.3dfc: ChangeTime: 2024-10-12T16:14:17.396998700Z
7758.3dfc: FileAttributes: 0x20
7758.3dfc: Size: 0x245e0
7758.3dfc: NT Headers: 0xc8
7758.3dfc: Timestamp: 0x8f476251
7758.3dfc: Machine: 0x8664 - amd64
7758.3dfc: Timestamp: 0x8f476251
7758.3dfc: Image Version: 10.0
7758.3dfc: SizeOfImage: 0x23000 (143360)
7758.3dfc: Resource Dir: 0x22000 LB 0x408
7758.3dfc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7758.3dfc: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7758.3dfc: ProductName: Microsoft® Windows® Operating System
7758.3dfc: ProductVersion: 10.0.22621.3958
7758.3dfc: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
7758.3dfc: FileDescription: ApiSet Schema DLL
7758.3dfc: supR3HardenedWinFindAdversaries: 0x0
7758.3dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7758.3dfc: Calling main()
7758.3dfc: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
7758.3dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7758.3dfc: SUPR3HardenedMain: Respawn #1
7758.3dfc: System32: \Device\HarddiskVolume3\Windows\System32
7758.3dfc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
7758.3dfc: KnownDllPath: C:\Windows\System32
7758.3dfc: supR3HardenedWinInit: Performing a limited self purification...
7758.3dfc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
7758.3dfc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffea000-000000c1aa86ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000000c1aa870000-000000c1aa928fff 0x0000/0x0004 0x0020000
7758.3dfc: 000000c1aa929000-000000c1aa92bfff 0x0104/0x0004 0x0020000
7758.3dfc: 000000c1aa92c000-000000c1aa96ffff 0x0004/0x0004 0x0020000
7758.3dfc: 000000c1aa970000-000000c1aa9fffff 0x0001/0x0000 0x0000000
7758.3dfc: *000000c1aaa00000-000000c1aaa7cfff 0x0000/0x0004 0x0020000
7758.3dfc: 000000c1aaa7d000-000000c1aaa7ffff 0x0004/0x0004 0x0020000
7758.3dfc: 000000c1aaa80000-000000c1aabfffff 0x0000/0x0004 0x0020000
7758.3dfc: 000000c1aac00000-000002983e7bffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e7c0000-000002983e7cffff 0x0004/0x0004 0x0040000
7758.3dfc: *000002983e7d0000-000002983e7d2fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e7d3000-000002983e7dffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e7e0000-000002983e7fefff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e7ff000-000002983e7fffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e800000-000002983e803fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e804000-000002983e80ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e810000-000002983e810fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e811000-000002983e81ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e820000-000002983e821fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983e822000-000002983e82ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e830000-000002983e832fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e833000-000002983e83ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e840000-000002983e841fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983e842000-000002983e902fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983e903000-000002983e90ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e910000-000002983e9ddfff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e9de000-000002983e9dffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e9e0000-000002983e9e2fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e9e3000-000002983e9effff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983e9f0000-000002983e9f2fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983e9f3000-000002983e9fffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ea00000-000002983ea00fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983ea01000-000002983ea0ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ea10000-000002983ea10fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983ea11000-000002983ea1ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ea20000-000002983ea21fff 0x0002/0x0004 0x0020000
7758.3dfc: 000002983ea22000-000002983ea2ffff 0x0000/0x0004 0x0020000
7758.3dfc: *000002983ea30000-000002983ea49fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ea4a000-000002983eb2ffff 0x0000/0x0004 0x0020000
7758.3dfc: *000002983eb30000-000002983eb30fff 0x0002/0x0002 0x0040000
7758.3dfc: 000002983eb31000-000002983eb3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983eb40000-000002983eb41fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983eb42000-000002983ec02fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983ec03000-000002983ec0ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec10000-000002983ec10fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ec11000-000002983ec1ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec20000-000002983ec20fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ec21000-000002983ec2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec30000-000002983ec30fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ec31000-000002983ec3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec40000-000002983ec40fff 0x0002/0x0004 0x0020000
7758.3dfc: 000002983ec41000-000002983ec41fff 0x0020/0x0004 0x0020000 !!
7758.3dfc: 000002983ec42000-000002983ec4ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec50000-000002983ec50fff 0x0002/0x0004 0x0020000
7758.3dfc: 000002983ec51000-000002983ec51fff 0x0020/0x0004 0x0020000 !!
7758.3dfc: 000002983ec52000-000002983ec5ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ec60000-000002983ed1ffff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ed20000-000002983ed2ffff 0x0000/0x0004 0x0020000
7758.3dfc: *000002983ed30000-000002983ed30fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ed31000-000002983ed3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ed40000-000002983ed41fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ed42000-000002983ee02fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983ee03000-000002983ee2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983ee30000-000002983ee3efff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ee3f000-000002983ee3ffff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983ee40000-000002983eecffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983eed0000-000002983ef8ffff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983ef90000-000002983ef9ffff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983efa0000-000002983f05ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983f060000-000002983f066fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983f067000-000002983f45ffff 0x0000/0x0004 0x0020000
7758.3dfc: *000002983f460000-000002983f461fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983f462000-000002983f522fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983f523000-000002983f52ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983f530000-000002983f531fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983f532000-000002983f5f2fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983f5f3000-000002983f63ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983f640000-000002983f67cfff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983f67d000-000002983fa3ffff 0x0000/0x0004 0x0020000
7758.3dfc: *000002983fa40000-000002983fa4bfff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983fa4c000-000002983fc63fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983fc64000-000002983fc64fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983fc65000-000002983fc6ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983fc70000-000002983fc71fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983fc72000-000002983fd32fff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983fd33000-000002983fd3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *000002983fd40000-000002983fd69fff 0x0004/0x0004 0x0020000
7758.3dfc: 000002983fd6a000-000002983fe3ffff 0x0000/0x0004 0x0020000
7758.3dfc: 000002983fe40000-00007df4a3edffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df4a3ee0000-00007df4a3eeffff 0x0002/0x0002 0x0020000
7758.3dfc: *00007df4a3ef0000-00007df4a3ef0fff 0x0002/0x0002 0x0020000
7758.3dfc: 00007df4a3ef1000-00007df4a3ef2fff 0x0020/0x0002 0x0020000 !!
7758.3dfc: 00007df4a3ef3000-00007df4a3efffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df4a3f00000-00007df4a3f0ffff 0x0004/0x0004 0x0020000
7758.3dfc: *00007df4a3f10000-00007df4a3f14fff 0x0002/0x0002 0x0040000
7758.3dfc: 00007df4a3f15000-00007df4a400ffff 0x0000/0x0002 0x0040000
7758.3dfc: *00007df4a4010000-00007df5a402ffff 0x0000/0x0004 0x0020000
7758.3dfc: *00007df5a4030000-00007df5a602ffff 0x0000/0x0004 0x0020000
7758.3dfc: 00007df5a6030000-00007df5a6030fff 0x0004/0x0004 0x0020000
7758.3dfc: 00007df5a6031000-00007df5a603ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6040000-00007df5a6040fff 0x0020/0x0004 0x0020000 !!
7758.3dfc: 00007df5a6041000-00007df5a604ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6050000-00007df5a6050fff 0x0002/0x0002 0x0040000
7758.3dfc: 00007df5a6051000-00007df5a605ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6060000-00007df5a78b4fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a78b5000-00007df5a7a1afff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a7a1b000-00007df5a7e38fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a7e39000-00007df5a7e39fff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a7e3a000-00007e0007010fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007e0007011000-00007e0007011fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007e0007012000-00007fed7c9e0fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007fed7c9e1000-00007fed7c9e1fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007fed7c9e2000-00007ff57f9e1fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff57f9e2000-00007ff57f9e6fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff57f9e7000-00007ff590270fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff590271000-00007ff59434dfff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff59434e000-00007ff594358fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff594359000-00007ff595baefff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff595baf000-00007ff595bb1fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff595bb2000-00007ff595cb3fff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff595cb4000-00007ff595cc3fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff595cc4000-00007ff595d1ffff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff595d20000-00007ff595d23fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff595d24000-00007ff595d5bfff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff595d5c000-00007ff595d65fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff595d66000-00007ff5a605ffff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff5a6060000-00007ff66608ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ff666090000-00007ff666090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666091000-00007ff6660fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fc000-00007ff6660fcfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fd000-00007ff666150fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666151000-00007ff666153fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666154000-00007ff666156fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666157000-00007ff666159fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615a000-00007ff66615afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615b000-00007ff66615cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615d000-00007ff66615dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615e000-00007ff666197fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666198000-00007ffb8bb7ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffb8bb80000-00007ffb8bb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bb80000 LB 0x1000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bb81000-00007ffb8bc21fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bb81000 LB 0xa1000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bc22000-00007ffb8bd12fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bc22000 LB 0xf1000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd13000-00007ffb8bd13fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd13000 LB 0x1000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd14000-00007ffb8bd1ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd14000 LB 0xc000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd20000-00007ffb8bd26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd20000 LB 0x7000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd27000-00007ffb8bd27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd27000 LB 0x1000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd28000-00007ffb8bd29fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd28000 LB 0x2000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd2a000-00007ffb8bd3cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\atcuf\dlls_267426639802711145\atcuf64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd2a000 LB 0x13000 (base 00007ffb8bb80000) - 'atcuf64.dll'
7758.3dfc: 00007ffb8bd3d000-00007ffb8bd3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffb8bd40000-00007ffb8bd40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_267023712359186263\bdhkm64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd40000 LB 0x1000 (base 00007ffb8bd40000) - 'bdhkm64.dll'
7758.3dfc: 00007ffb8bd41000-00007ffb8bd77fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_267023712359186263\bdhkm64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd41000 LB 0x37000 (base 00007ffb8bd40000) - 'bdhkm64.dll'
7758.3dfc: 00007ffb8bd78000-00007ffb8be0dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_267023712359186263\bdhkm64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8bd78000 LB 0x96000 (base 00007ffb8bd40000) - 'bdhkm64.dll'
7758.3dfc: 00007ffb8be0e000-00007ffb8be0ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_267023712359186263\bdhkm64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8be0e000 LB 0x2000 (base 00007ffb8bd40000) - 'bdhkm64.dll'
7758.3dfc: 00007ffb8be10000-00007ffb8be1afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdhkm\dlls_267023712359186263\bdhkm64.dll
7758.3dfc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8be10000 LB 0xb000 (base 00007ffb8bd40000) - 'bdhkm64.dll'
7758.3dfc: 00007ffb8be1b000-00007ffbed3bffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbed3c0000-00007ffbed3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7758.3dfc: 00007ffbed3c1000-00007ffbed412fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7758.3dfc: 00007ffbed413000-00007ffbed436fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7758.3dfc: 00007ffbed437000-00007ffbed439fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7758.3dfc: 00007ffbed43a000-00007ffbed456fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apphelp.dll
7758.3dfc: 00007ffbed457000-00007ffbf151ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf1520000-00007ffbf1520fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf1521000-00007ffbf16befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf16bf000-00007ffbf1884fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf1885000-00007ffbf1889fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf188a000-00007ffbf188afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf188b000-00007ffbf18d6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
7758.3dfc: 00007ffbf18d7000-00007ffbf300ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf3010000-00007ffbf3010fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf3011000-00007ffbf3091fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf3092000-00007ffbf30c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf30c9000-00007ffbf30c9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf30ca000-00007ffbf30cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf30cb000-00007ffbf30d3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
7758.3dfc: 00007ffbf30d4000-00007ffbf3f2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf3f30000-00007ffbf3f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf3f31000-00007ffbf4061fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4062000-00007ffbf40affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b0000-00007ffbf40b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b1000-00007ffbf40b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b3000-00007ffbf40bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40bc000-00007ffbf4146fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4147000-00007ffbf414ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf4150000-00007ffbf4152fff 0x0020/0x0020 0x0020000 !!
7758.3dfc: 00007ffbf4153000-00007ffbf415ffff 0x0002/0x0020 0x0020000
7758.3dfc: *00007ffbf4160000-00007ffbf4160fff 0x0020/0x0020 0x0020000 !!
7758.3dfc: 00007ffbf4161000-00007ffbf416ffff 0x0002/0x0020 0x0020000
7758.3dfc: 00007ffbf4170000-00007ffffffeffff 0x0001/0x0000 0x0000000
7758.3dfc: kernel32.dll: timestamp 0xa9f358b9 (rc=VINF_SUCCESS)
7758.3dfc: kernelbase.dll: timestamp 0xcf64c6a (rc=VINF_SUCCESS)
7758.3dfc: apphelp.dll: timestamp 0x114ea630 (rc=VINF_SUCCESS)
7758.3dfc: VBoxHeadless.exe: timestamp 0x670807b2 (rc=VINF_SUCCESS)
7758.3dfc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7758.3dfc: VBoxHeadless.exe: Differences in section #7 (.00cfg) between file and memory:
7758.3dfc: 00007ff666165000 / 0x00d5000: 10 != f0
7758.3dfc: 00007ff666165001 / 0x00d5001: e3 != f0
7758.3dfc: 00007ff666165002 / 0x00d5002: 0a != fb
7758.3dfc: 00007ff666165003 / 0x00d5003: 66 != f3
7758.3dfc: 00007ff666165004 / 0x00d5004: f6 != fb
7758.3dfc: 00007ff666165008 / 0x00d5008: 10 != f0
7758.3dfc: 00007ff666165009 / 0x00d5009: e3 != f0
7758.3dfc: 00007ff66616500a / 0x00d500a: 0a != fb
7758.3dfc: 00007ff66616500b / 0x00d500b: 66 != f3
7758.3dfc: 00007ff66616500c / 0x00d500c: f6 != fb
7758.3dfc: 00007ff666165010 / 0x00d5010: 00 != 30
7758.3dfc: 00007ff666165011 / 0x00d5011: b1 != f2
7758.3dfc: 00007ff666165012 / 0x00d5012: 0f != fb
7758.3dfc: 00007ff666165013 / 0x00d5013: 66 != f3
7758.3dfc: 00007ff666165014 / 0x00d5014: f6 != fb
7758.3dfc: 00007ff666165018 / 0x00d5018: 20 != 30
7758.3dfc: 00007ff666165019 / 0x00d5019: b1 != f2
7758.3dfc: 00007ff66616501a / 0x00d501a: 0f != fb
7758.3dfc: 00007ff66616501b / 0x00d501b: 66 != f3
7758.3dfc: 00007ff66616501c / 0x00d501c: f6 != fb
7758.3dfc: 00007ff666165020 / 0x00d5020: 20 != 30
7758.3dfc: 00007ff666165021 / 0x00d5021: b1 != f2
7758.3dfc: 00007ff666165022 / 0x00d5022: 0f != fb
7758.3dfc: 00007ff666165023 / 0x00d5023: 66 != f3
7758.3dfc: 00007ff666165024 / 0x00d5024: f6 != fb
7758.3dfc: Restored 0x28 bytes of original file content at 00007ff666165000
7758.3dfc: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:
7758.3dfc: 00007ff666196b2c / 0x0106b2c: 00 != 50
7758.3dfc: 00007ff666196b2d / 0x0106b2d: 00 != 41
7758.3dfc: 00007ff666196b2e / 0x0106b2e: 00 != 44
7758.3dfc: 00007ff666196b2f / 0x0106b2f: 00 != 44
7758.3dfc: 00007ff666196b30 / 0x0106b30: 00 != 49
7758.3dfc: 00007ff666196b31 / 0x0106b31: 00 != 4e
7758.3dfc: 00007ff666196b32 / 0x0106b32: 00 != 47
7758.3dfc: 00007ff666196b33 / 0x0106b33: 00 != 58
7758.3dfc: 00007ff666196b34 / 0x0106b34: 00 != 58
7758.3dfc: 00007ff666196b35 / 0x0106b35: 00 != 50
7758.3dfc: 00007ff666196b36 / 0x0106b36: 00 != 41
7758.3dfc: 00007ff666196b37 / 0x0106b37: 00 != 44
7758.3dfc: 00007ff666196b38 / 0x0106b38: 00 != 44
7758.3dfc: 00007ff666196b39 / 0x0106b39: 00 != 49
7758.3dfc: 00007ff666196b3a / 0x0106b3a: 00 != 4e
7758.3dfc: 00007ff666196b3b / 0x0106b3b: 00 != 47
7758.3dfc: 00007ff666196b3c / 0x0106b3c: 00 != 50
7758.3dfc: 00007ff666196b3d / 0x0106b3d: 00 != 41
7758.3dfc: 00007ff666196b3e / 0x0106b3e: 00 != 44
7758.3dfc: 00007ff666196b3f / 0x0106b3f: 00 != 44
7758.3dfc: 00007ff666196b40 / 0x0106b40: 00 != 49
7758.3dfc: 00007ff666196b41 / 0x0106b41: 00 != 4e
7758.3dfc: 00007ff666196b42 / 0x0106b42: 00 != 47
7758.3dfc: 00007ff666196b43 / 0x0106b43: 00 != 58
7758.3dfc: 00007ff666196b44 / 0x0106b44: 00 != 58
7758.3dfc: 00007ff666196b45 / 0x0106b45: 00 != 50
7758.3dfc: 00007ff666196b46 / 0x0106b46: 00 != 41
7758.3dfc: 00007ff666196b47 / 0x0106b47: 00 != 44
7758.3dfc: 00007ff666196b48 / 0x0106b48: 00 != 44
7758.3dfc: 00007ff666196b49 / 0x0106b49: 00 != 49
7758.3dfc: 00007ff666196b4a / 0x0106b4a: 00 != 4e
7758.3dfc: 00007ff666196b4b / 0x0106b4b: 00 != 47
7758.3dfc: 00007ff666196b4c / 0x0106b4c: 00 != 50
7758.3dfc: 00007ff666196b4d / 0x0106b4d: 00 != 41
7758.3dfc: 00007ff666196b4e / 0x0106b4e: 00 != 44
7758.3dfc: 00007ff666196b4f / 0x0106b4f: 00 != 44
7758.3dfc: 00007ff666196b50 / 0x0106b50: 00 != 49
7758.3dfc: 00007ff666196b51 / 0x0106b51: 00 != 4e
7758.3dfc: 00007ff666196b52 / 0x0106b52: 00 != 47
7758.3dfc: 00007ff666196b53 / 0x0106b53: 00 != 58
7758.3dfc: 00007ff666196b54 / 0x0106b54: 00 != 58
7758.3dfc: 00007ff666196b55 / 0x0106b55: 00 != 50
7758.3dfc: 00007ff666196b56 / 0x0106b56: 00 != 41
7758.3dfc: 00007ff666196b57 / 0x0106b57: 00 != 44
7758.3dfc: 00007ff666196b58 / 0x0106b58: 00 != 44
7758.3dfc: 00007ff666196b59 / 0x0106b59: 00 != 49
7758.3dfc: 00007ff666196b5a / 0x0106b5a: 00 != 4e
7758.3dfc: 00007ff666196b5b / 0x0106b5b: 00 != 47
7758.3dfc: 00007ff666196b5c / 0x0106b5c: 00 != 50
7758.3dfc: 00007ff666196b5d / 0x0106b5d: 00 != 41
7758.3dfc: 00007ff666196b5e / 0x0106b5e: 00 != 44
7758.3dfc: 00007ff666196b5f / 0x0106b5f: 00 != 44
7758.3dfc: 00007ff666196b60 / 0x0106b60: 00 != 49
7758.3dfc: 00007ff666196b61 / 0x0106b61: 00 != 4e
7758.3dfc: 00007ff666196b62 / 0x0106b62: 00 != 47
7758.3dfc: 00007ff666196b63 / 0x0106b63: 00 != 58
7758.3dfc: 00007ff666196b64 / 0x0106b64: 00 != 58
7758.3dfc: 00007ff666196b65 / 0x0106b65: 00 != 50
7758.3dfc: 00007ff666196b66 / 0x0106b66: 00 != 41
7758.3dfc: 00007ff666196b67 / 0x0106b67: 00 != 44
7758.3dfc: 00007ff666196b68 / 0x0106b68: 00 != 44
7758.3dfc: 00007ff666196b69 / 0x0106b69: 00 != 49
7758.3dfc: 00007ff666196b6a / 0x0106b6a: 00 != 4e
7758.3dfc: 00007ff666196b6b / 0x0106b6b: 00 != 47
7758.3dfc: 00007ff666196b6c / 0x0106b6c: 00 != 50
7758.3dfc: 00007ff666196b6d / 0x0106b6d: 00 != 41
7758.3dfc: 00007ff666196b6e / 0x0106b6e: 00 != 44
7758.3dfc: 00007ff666196b6f / 0x0106b6f: 00 != 44
7758.3dfc: 00007ff666196b70 / 0x0106b70: 00 != 49
7758.3dfc: 00007ff666196b71 / 0x0106b71: 00 != 4e
7758.3dfc: 00007ff666196b72 / 0x0106b72: 00 != 47
7758.3dfc: 00007ff666196b73 / 0x0106b73: 00 != 58
7758.3dfc: 00007ff666196b74 / 0x0106b74: 00 != 58
7758.3dfc: 00007ff666196b75 / 0x0106b75: 00 != 50
7758.3dfc: 00007ff666196b76 / 0x0106b76: 00 != 41
7758.3dfc: 00007ff666196b77 / 0x0106b77: 00 != 44
7758.3dfc: 00007ff666196b78 / 0x0106b78: 00 != 44
7758.3dfc: 00007ff666196b79 / 0x0106b79: 00 != 49
7758.3dfc: 00007ff666196b7a / 0x0106b7a: 00 != 4e
7758.3dfc: 00007ff666196b7b / 0x0106b7b: 00 != 47
7758.3dfc: 00007ff666196b7c / 0x0106b7c: 00 != 50
7758.3dfc: 00007ff666196b7d / 0x0106b7d: 00 != 41
7758.3dfc: 00007ff666196b7e / 0x0106b7e: 00 != 44
7758.3dfc: 00007ff666196b7f / 0x0106b7f: 00 != 44
7758.3dfc: 00007ff666196b80 / 0x0106b80: 00 != 49
7758.3dfc: 00007ff666196b81 / 0x0106b81: 00 != 4e
7758.3dfc: 00007ff666196b82 / 0x0106b82: 00 != 47
7758.3dfc: 00007ff666196b83 / 0x0106b83: 00 != 58
7758.3dfc: 00007ff666196b84 / 0x0106b84: 00 != 58
7758.3dfc: 00007ff666196b85 / 0x0106b85: 00 != 50
7758.3dfc: 00007ff666196b86 / 0x0106b86: 00 != 41
7758.3dfc: 00007ff666196b87 / 0x0106b87: 00 != 44
7758.3dfc: 00007ff666196b88 / 0x0106b88: 00 != 44
7758.3dfc: 00007ff666196b89 / 0x0106b89: 00 != 49
7758.3dfc: 00007ff666196b8a / 0x0106b8a: 00 != 4e
7758.3dfc: 00007ff666196b8b / 0x0106b8b: 00 != 47
7758.3dfc: 00007ff666196b8c / 0x0106b8c: 00 != 50
7758.3dfc: 00007ff666196b8d / 0x0106b8d: 00 != 41
7758.3dfc: 00007ff666196b8e / 0x0106b8e: 00 != 44
7758.3dfc: 00007ff666196b8f / 0x0106b8f: 00 != 44
7758.3dfc: 00007ff666196b90 / 0x0106b90: 00 != 49
7758.3dfc: 00007ff666196b91 / 0x0106b91: 00 != 4e
7758.3dfc: 00007ff666196b92 / 0x0106b92: 00 != 47
7758.3dfc: 00007ff666196b93 / 0x0106b93: 00 != 58
7758.3dfc: 00007ff666196b94 / 0x0106b94: 00 != 58
7758.3dfc: 00007ff666196b95 / 0x0106b95: 00 != 50
7758.3dfc: 00007ff666196b96 / 0x0106b96: 00 != 41
7758.3dfc: 00007ff666196b97 / 0x0106b97: 00 != 44
7758.3dfc: 00007ff666196b98 / 0x0106b98: 00 != 44
7758.3dfc: 00007ff666196b99 / 0x0106b99: 00 != 49
7758.3dfc: 00007ff666196b9a / 0x0106b9a: 00 != 4e
7758.3dfc: 00007ff666196b9b / 0x0106b9b: 00 != 47
7758.3dfc: 00007ff666196b9c / 0x0106b9c: 00 != 50
7758.3dfc: 00007ff666196b9d / 0x0106b9d: 00 != 41
7758.3dfc: 00007ff666196b9e / 0x0106b9e: 00 != 44
7758.3dfc: 00007ff666196b9f / 0x0106b9f: 00 != 44
7758.3dfc: 00007ff666196ba0 / 0x0106ba0: 00 != 49
7758.3dfc: 00007ff666196ba1 / 0x0106ba1: 00 != 4e
7758.3dfc: 00007ff666196ba2 / 0x0106ba2: 00 != 47
7758.3dfc: 00007ff666196ba3 / 0x0106ba3: 00 != 58
7758.3dfc: 00007ff666196ba4 / 0x0106ba4: 00 != 58
7758.3dfc: 00007ff666196ba5 / 0x0106ba5: 00 != 50
7758.3dfc: 00007ff666196ba6 / 0x0106ba6: 00 != 41
7758.3dfc: 00007ff666196ba7 / 0x0106ba7: 00 != 44
7758.3dfc: 00007ff666196ba8 / 0x0106ba8: 00 != 44
7758.3dfc: 00007ff666196ba9 / 0x0106ba9: 00 != 49
7758.3dfc: 00007ff666196baa / 0x0106baa: 00 != 4e
7758.3dfc: 00007ff666196bab / 0x0106bab: 00 != 47
7758.3dfc: 00007ff666196bac / 0x0106bac: 00 != 50
7758.3dfc: 00007ff666196bad / 0x0106bad: 00 != 41
7758.3dfc: 00007ff666196bae / 0x0106bae: 00 != 44
7758.3dfc: 00007ff666196baf / 0x0106baf: 00 != 44
7758.3dfc: 00007ff666196bb0 / 0x0106bb0: 00 != 49
7758.3dfc: 00007ff666196bb1 / 0x0106bb1: 00 != 4e
7758.3dfc: 00007ff666196bb2 / 0x0106bb2: 00 != 47
7758.3dfc: 00007ff666196bb3 / 0x0106bb3: 00 != 58
7758.3dfc: 00007ff666196bb4 / 0x0106bb4: 00 != 58
7758.3dfc: 00007ff666196bb5 / 0x0106bb5: 00 != 50
7758.3dfc: 00007ff666196bb6 / 0x0106bb6: 00 != 41
7758.3dfc: 00007ff666196bb7 / 0x0106bb7: 00 != 44
7758.3dfc: 00007ff666196bb8 / 0x0106bb8: 00 != 44
7758.3dfc: 00007ff666196bb9 / 0x0106bb9: 00 != 49
7758.3dfc: 00007ff666196bba / 0x0106bba: 00 != 4e
7758.3dfc: 00007ff666196bbb / 0x0106bbb: 00 != 47
7758.3dfc: 00007ff666196bbc / 0x0106bbc: 00 != 50
7758.3dfc: 00007ff666196bbd / 0x0106bbd: 00 != 41
7758.3dfc: 00007ff666196bbe / 0x0106bbe: 00 != 44
7758.3dfc: 00007ff666196bbf / 0x0106bbf: 00 != 44
7758.3dfc: 00007ff666196bc0 / 0x0106bc0: 00 != 49
7758.3dfc: 00007ff666196bc1 / 0x0106bc1: 00 != 4e
7758.3dfc: 00007ff666196bc2 / 0x0106bc2: 00 != 47
7758.3dfc: 00007ff666196bc3 / 0x0106bc3: 00 != 58
7758.3dfc: 00007ff666196bc4 / 0x0106bc4: 00 != 58
7758.3dfc: 00007ff666196bc5 / 0x0106bc5: 00 != 50
7758.3dfc: 00007ff666196bc6 / 0x0106bc6: 00 != 41
7758.3dfc: 00007ff666196bc7 / 0x0106bc7: 00 != 44
7758.3dfc: 00007ff666196bc8 / 0x0106bc8: 00 != 44
7758.3dfc: 00007ff666196bc9 / 0x0106bc9: 00 != 49
7758.3dfc: 00007ff666196bca / 0x0106bca: 00 != 4e
7758.3dfc: 00007ff666196bcb / 0x0106bcb: 00 != 47
7758.3dfc: 00007ff666196bcc / 0x0106bcc: 00 != 50
7758.3dfc: 00007ff666196bcd / 0x0106bcd: 00 != 41
7758.3dfc: 00007ff666196bce / 0x0106bce: 00 != 44
7758.3dfc: 00007ff666196bcf / 0x0106bcf: 00 != 44
7758.3dfc: 00007ff666196bd0 / 0x0106bd0: 00 != 49
7758.3dfc: 00007ff666196bd1 / 0x0106bd1: 00 != 4e
7758.3dfc: 00007ff666196bd2 / 0x0106bd2: 00 != 47
7758.3dfc: 00007ff666196bd3 / 0x0106bd3: 00 != 58
7758.3dfc: 00007ff666196bd4 / 0x0106bd4: 00 != 58
7758.3dfc: 00007ff666196bd5 / 0x0106bd5: 00 != 50
7758.3dfc: 00007ff666196bd6 / 0x0106bd6: 00 != 41
7758.3dfc: 00007ff666196bd7 / 0x0106bd7: 00 != 44
7758.3dfc: 00007ff666196bd8 / 0x0106bd8: 00 != 44
7758.3dfc: 00007ff666196bd9 / 0x0106bd9: 00 != 49
7758.3dfc: 00007ff666196bda / 0x0106bda: 00 != 4e
7758.3dfc: 00007ff666196bdb / 0x0106bdb: 00 != 47
7758.3dfc: 00007ff666196bdc / 0x0106bdc: 00 != 50
7758.3dfc: 00007ff666196bdd / 0x0106bdd: 00 != 41
7758.3dfc: 00007ff666196bde / 0x0106bde: 00 != 44
7758.3dfc: 00007ff666196bdf / 0x0106bdf: 00 != 44
7758.3dfc: 00007ff666196be0 / 0x0106be0: 00 != 49
7758.3dfc: 00007ff666196be1 / 0x0106be1: 00 != 4e
7758.3dfc: 00007ff666196be2 / 0x0106be2: 00 != 47
7758.3dfc: 00007ff666196be3 / 0x0106be3: 00 != 58
7758.3dfc: 00007ff666196be4 / 0x0106be4: 00 != 58
7758.3dfc: 00007ff666196be5 / 0x0106be5: 00 != 50
7758.3dfc: 00007ff666196be6 / 0x0106be6: 00 != 41
7758.3dfc: 00007ff666196be7 / 0x0106be7: 00 != 44
7758.3dfc: 00007ff666196be8 / 0x0106be8: 00 != 44
7758.3dfc: 00007ff666196be9 / 0x0106be9: 00 != 49
7758.3dfc: 00007ff666196bea / 0x0106bea: 00 != 4e
7758.3dfc: 00007ff666196beb / 0x0106beb: 00 != 47
7758.3dfc: 00007ff666196bec / 0x0106bec: 00 != 50
7758.3dfc: 00007ff666196bed / 0x0106bed: 00 != 41
7758.3dfc: 00007ff666196bee / 0x0106bee: 00 != 44
7758.3dfc: 00007ff666196bef / 0x0106bef: 00 != 44
7758.3dfc: 00007ff666196bf0 / 0x0106bf0: 00 != 49
7758.3dfc: 00007ff666196bf1 / 0x0106bf1: 00 != 4e
7758.3dfc: 00007ff666196bf2 / 0x0106bf2: 00 != 47
7758.3dfc: 00007ff666196bf3 / 0x0106bf3: 00 != 58
7758.3dfc: 00007ff666196bf4 / 0x0106bf4: 00 != 58
7758.3dfc: 00007ff666196bf5 / 0x0106bf5: 00 != 50
7758.3dfc: 00007ff666196bf6 / 0x0106bf6: 00 != 41
7758.3dfc: 00007ff666196bf7 / 0x0106bf7: 00 != 44
7758.3dfc: 00007ff666196bf8 / 0x0106bf8: 00 != 44
7758.3dfc: 00007ff666196bf9 / 0x0106bf9: 00 != 49
7758.3dfc: 00007ff666196bfa / 0x0106bfa: 00 != 4e
7758.3dfc: 00007ff666196bfb / 0x0106bfb: 00 != 47
7758.3dfc: 00007ff666196bfc / 0x0106bfc: 00 != 50
7758.3dfc: 00007ff666196bfd / 0x0106bfd: 00 != 41
7758.3dfc: 00007ff666196bfe / 0x0106bfe: 00 != 44
7758.3dfc: 00007ff666196bff / 0x0106bff: 00 != 44
7758.3dfc: Restored 0x4d4 bytes of original file content at 00007ff666196b2c
7758.3dfc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3f31320 / 0x0001320: 48 != e9
7758.3dfc: 00007ffbf3f31321 / 0x0001321: 89 != 7b
7758.3dfc: 00007ffbf3f31322 / 0x0001322: 5c != 10
7758.3dfc: 00007ffbf3f31323 / 0x0001323: 24 != 22
7758.3dfc: 00007ffbf3f31324 / 0x0001324: 20 != 00
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3f31000
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3f548a0 / 0x00248a0: 4c != e9
7758.3dfc: 00007ffbf3f548a1 / 0x00248a1: 89 != 1b
7758.3dfc: 00007ffbf3f548a2 / 0x00248a2: 4c != b8
7758.3dfc: 00007ffbf3f548a3 / 0x00248a3: 24 != 1f
7758.3dfc: 00007ffbf3f548a4 / 0x00248a4: 20 != 00
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3f53000
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3fd01c0 / 0x00a01c0: 4c != e9
7758.3dfc: 00007ffbf3fd01c1 / 0x00a01c1: 8b != 7b
7758.3dfc: 00007ffbf3fd01c2 / 0x00a01c2: d1 != 1b
7758.3dfc: 00007ffbf3fd01c3 / 0x00a01c3: b8 != 18
7758.3dfc: 00007ffbf3fd01c4 / 0x00a01c4: 08 != 00
7758.3dfc: 00007ffbf3fd01c5 / 0x00a01c5: 00 != cc
7758.3dfc: 00007ffbf3fd01c6 / 0x00a01c6: 00 != cc
7758.3dfc: 00007ffbf3fd01c7 / 0x00a01c7: 00 != cc
7758.3dfc: 00007ffbf3fd0260 / 0x00a0260: 4c != e9
7758.3dfc: 00007ffbf3fd0261 / 0x00a0261: 8b != bb
7758.3dfc: 00007ffbf3fd0262 / 0x00a0262: d1 != 13
7758.3dfc: 00007ffbf3fd0263 / 0x00a0263: b8 != 18
7758.3dfc: 00007ffbf3fd0264 / 0x00a0264: 0d != 00
7758.3dfc: 00007ffbf3fd0265 / 0x00a0265: 00 != cc
7758.3dfc: 00007ffbf3fd0266 / 0x00a0266: 00 != cc
7758.3dfc: 00007ffbf3fd0267 / 0x00a0267: 00 != cc
7758.3dfc: 00007ffbf3fd02a0 / 0x00a02a0: 4c != e9
7758.3dfc: 00007ffbf3fd02a1 / 0x00a02a1: 8b != fb
7758.3dfc: 00007ffbf3fd02a2 / 0x00a02a2: d1 != 02
7758.3dfc: 00007ffbf3fd02a3 / 0x00a02a3: b8 != 18
7758.3dfc: 00007ffbf3fd02a4 / 0x00a02a4: 0f != 00
7758.3dfc: 00007ffbf3fd02a5 / 0x00a02a5: 00 != cc
7758.3dfc: 00007ffbf3fd02a6 / 0x00a02a6: 00 != cc
7758.3dfc: 00007ffbf3fd02a7 / 0x00a02a7: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3fce2ce
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3fd03e0 / 0x00a03e0: 4c != e9
7758.3dfc: 00007ffbf3fd03e1 / 0x00a03e1: 8b != 3b
7758.3dfc: 00007ffbf3fd03e2 / 0x00a03e2: d1 != 18
7758.3dfc: 00007ffbf3fd03e3 / 0x00a03e3: b8 != 18
7758.3dfc: 00007ffbf3fd03e4 / 0x00a03e4: 19 != 00
7758.3dfc: 00007ffbf3fd03e5 / 0x00a03e5: 00 != cc
7758.3dfc: 00007ffbf3fd03e6 / 0x00a03e6: 00 != cc
7758.3dfc: 00007ffbf3fd03e7 / 0x00a03e7: 00 != cc
7758.3dfc: 00007ffbf3fd0440 / 0x00a0440: 4c != e9
7758.3dfc: 00007ffbf3fd0441 / 0x00a0441: 8b != db
7758.3dfc: 00007ffbf3fd0442 / 0x00a0442: d1 != 20
7758.3dfc: 00007ffbf3fd0443 / 0x00a0443: b8 != 18
7758.3dfc: 00007ffbf3fd0444 / 0x00a0444: 1c != 00
7758.3dfc: 00007ffbf3fd0445 / 0x00a0445: 00 != cc
7758.3dfc: 00007ffbf3fd0446 / 0x00a0446: 00 != cc
7758.3dfc: 00007ffbf3fd0447 / 0x00a0447: 00 != cc
7758.3dfc: 00007ffbf3fd0580 / 0x00a0580: 4c != e9
7758.3dfc: 00007ffbf3fd0581 / 0x00a0581: 8b != 3b
7758.3dfc: 00007ffbf3fd0582 / 0x00a0582: d1 != 04
7758.3dfc: 00007ffbf3fd0583 / 0x00a0583: b8 != 18
7758.3dfc: 00007ffbf3fd0584 / 0x00a0584: 26 != 00
7758.3dfc: 00007ffbf3fd0585 / 0x00a0585: 00 != cc
7758.3dfc: 00007ffbf3fd0586 / 0x00a0586: 00 != cc
7758.3dfc: 00007ffbf3fd0587 / 0x00a0587: 00 != cc
7758.3dfc: 00007ffbf3fd05c0 / 0x00a05c0: 4c != e9
7758.3dfc: 00007ffbf3fd05c1 / 0x00a05c1: 8b != fb
7758.3dfc: 00007ffbf3fd05c2 / 0x00a05c2: d1 != 06
7758.3dfc: 00007ffbf3fd05c3 / 0x00a05c3: b8 != 18
7758.3dfc: 00007ffbf3fd05c4 / 0x00a05c4: 28 != 00
7758.3dfc: 00007ffbf3fd05c5 / 0x00a05c5: 00 != cc
7758.3dfc: 00007ffbf3fd05c6 / 0x00a05c6: 00 != cc
7758.3dfc: 00007ffbf3fd05c7 / 0x00a05c7: 00 != cc
7758.3dfc: 00007ffbf3fd0600 / 0x00a0600: 4c != e9
7758.3dfc: 00007ffbf3fd0601 / 0x00a0601: 8b != 5b
7758.3dfc: 00007ffbf3fd0602 / 0x00a0602: d1 != 12
7758.3dfc: 00007ffbf3fd0603 / 0x00a0603: b8 != 18
7758.3dfc: 00007ffbf3fd0604 / 0x00a0604: 2a != 00
7758.3dfc: 00007ffbf3fd0605 / 0x00a0605: 00 != cc
7758.3dfc: 00007ffbf3fd0606 / 0x00a0606: 00 != cc
7758.3dfc: 00007ffbf3fd0607 / 0x00a0607: 00 != cc
7758.3dfc: 00007ffbf3fd0640 / 0x00a0640: 4c != e9
7758.3dfc: 00007ffbf3fd0641 / 0x00a0641: 8b != bb
7758.3dfc: 00007ffbf3fd0642 / 0x00a0642: d1 != f9
7758.3dfc: 00007ffbf3fd0643 / 0x00a0643: b8 != 17
7758.3dfc: 00007ffbf3fd0644 / 0x00a0644: 2c != 00
7758.3dfc: 00007ffbf3fd0645 / 0x00a0645: 00 != cc
7758.3dfc: 00007ffbf3fd0646 / 0x00a0646: 00 != cc
7758.3dfc: 00007ffbf3fd0647 / 0x00a0647: 00 != cc
7758.3dfc: 00007ffbf3fd0800 / 0x00a0800: 4c != e9
7758.3dfc: 00007ffbf3fd0801 / 0x00a0801: 8b != 9b
7758.3dfc: 00007ffbf3fd0802 / 0x00a0802: d1 != 00
7758.3dfc: 00007ffbf3fd0803 / 0x00a0803: b8 != 18
7758.3dfc: 00007ffbf3fd0804 / 0x00a0804: 3a != 00
7758.3dfc: 00007ffbf3fd0805 / 0x00a0805: 00 != cc
7758.3dfc: 00007ffbf3fd0806 / 0x00a0806: 00 != cc
7758.3dfc: 00007ffbf3fd0807 / 0x00a0807: 00 != cc
7758.3dfc: 00007ffbf3fd0840 / 0x00a0840: 4c != e9
7758.3dfc: 00007ffbf3fd0841 / 0x00a0841: 8b != 3b
7758.3dfc: 00007ffbf3fd0842 / 0x00a0842: d1 != 02
7758.3dfc: 00007ffbf3fd0843 / 0x00a0843: b8 != 18
7758.3dfc: 00007ffbf3fd0844 / 0x00a0844: 3c != 00
7758.3dfc: 00007ffbf3fd0845 / 0x00a0845: 00 != cc
7758.3dfc: 00007ffbf3fd0846 / 0x00a0846: 00 != cc
7758.3dfc: 00007ffbf3fd0847 / 0x00a0847: 00 != cc
7758.3dfc: 00007ffbf3fd08a0 / 0x00a08a0: 4c != e9
7758.3dfc: 00007ffbf3fd08a1 / 0x00a08a1: 8b != 7b
7758.3dfc: 00007ffbf3fd08a2 / 0x00a08a2: d1 != 0a
7758.3dfc: 00007ffbf3fd08a3 / 0x00a08a3: b8 != 18
7758.3dfc: 00007ffbf3fd08a4 / 0x00a08a4: 3f != 00
7758.3dfc: 00007ffbf3fd08a5 / 0x00a08a5: 00 != cc
7758.3dfc: 00007ffbf3fd08a6 / 0x00a08a6: 00 != cc
7758.3dfc: 00007ffbf3fd08a7 / 0x00a08a7: 00 != cc
7758.3dfc: 00007ffbf3fd08e0 / 0x00a08e0: 4c != e9
7758.3dfc: 00007ffbf3fd08e1 / 0x00a08e1: 8b != 3b
7758.3dfc: 00007ffbf3fd08e2 / 0x00a08e2: d1 != f8
7758.3dfc: 00007ffbf3fd08e3 / 0x00a08e3: b8 != 17
7758.3dfc: 00007ffbf3fd08e4 / 0x00a08e4: 41 != 00
7758.3dfc: 00007ffbf3fd08e5 / 0x00a08e5: 00 != cc
7758.3dfc: 00007ffbf3fd08e6 / 0x00a08e6: 00 != cc
7758.3dfc: 00007ffbf3fd08e7 / 0x00a08e7: 00 != cc
7758.3dfc: 00007ffbf3fd0960 / 0x00a0960: 4c != e9
7758.3dfc: 00007ffbf3fd0961 / 0x00a0961: 8b != db
7758.3dfc: 00007ffbf3fd0962 / 0x00a0962: d1 != 01
7758.3dfc: 00007ffbf3fd0963 / 0x00a0963: b8 != 18
7758.3dfc: 00007ffbf3fd0964 / 0x00a0964: 45 != 00
7758.3dfc: 00007ffbf3fd0965 / 0x00a0965: 00 != cc
7758.3dfc: 00007ffbf3fd0966 / 0x00a0966: 00 != cc
7758.3dfc: 00007ffbf3fd0967 / 0x00a0967: 00 != cc
7758.3dfc: 00007ffbf3fd0a00 / 0x00a0a00: 4c != e9
7758.3dfc: 00007ffbf3fd0a01 / 0x00a0a01: 8b != 9b
7758.3dfc: 00007ffbf3fd0a02 / 0x00a0a02: d1 != 13
7758.3dfc: 00007ffbf3fd0a03 / 0x00a0a03: b8 != 18
7758.3dfc: 00007ffbf3fd0a04 / 0x00a0a04: 4a != 00
7758.3dfc: 00007ffbf3fd0a05 / 0x00a0a05: 00 != cc
7758.3dfc: 00007ffbf3fd0a06 / 0x00a0a06: 00 != cc
7758.3dfc: 00007ffbf3fd0a07 / 0x00a0a07: 00 != cc
7758.3dfc: 00007ffbf3fd0a60 / 0x00a0a60: 4c != e9
7758.3dfc: 00007ffbf3fd0a61 / 0x00a0a61: 8b != fb
7758.3dfc: 00007ffbf3fd0a62 / 0x00a0a62: d1 != fb
7758.3dfc: 00007ffbf3fd0a63 / 0x00a0a63: b8 != 17
7758.3dfc: 00007ffbf3fd0a64 / 0x00a0a64: 4d != 00
7758.3dfc: 00007ffbf3fd0a65 / 0x00a0a65: 00 != cc
7758.3dfc: 00007ffbf3fd0a66 / 0x00a0a66: 00 != cc
7758.3dfc: 00007ffbf3fd0a67 / 0x00a0a67: 00 != cc
7758.3dfc: 00007ffbf3fd0a80 / 0x00a0a80: 4c != e9
7758.3dfc: 00007ffbf3fd0a81 / 0x00a0a81: 8b != 5b
7758.3dfc: 00007ffbf3fd0a82 / 0x00a0a82: d1 != fd
7758.3dfc: 00007ffbf3fd0a83 / 0x00a0a83: b8 != 17
7758.3dfc: 00007ffbf3fd0a84 / 0x00a0a84: 4e != 00
7758.3dfc: 00007ffbf3fd0a85 / 0x00a0a85: 00 != cc
7758.3dfc: 00007ffbf3fd0a86 / 0x00a0a86: 00 != cc
7758.3dfc: 00007ffbf3fd0a87 / 0x00a0a87: 00 != cc
7758.3dfc: 00007ffbf3fd0b00 / 0x00a0b00: 4c != e9
7758.3dfc: 00007ffbf3fd0b01 / 0x00a0b01: 8b != 1b
7758.3dfc: 00007ffbf3fd0b02 / 0x00a0b02: d1 != 0e
7758.3dfc: 00007ffbf3fd0b03 / 0x00a0b03: b8 != 18
7758.3dfc: 00007ffbf3fd0b04 / 0x00a0b04: 52 != 00
7758.3dfc: 00007ffbf3fd0b05 / 0x00a0b05: 00 != cc
7758.3dfc: 00007ffbf3fd0b06 / 0x00a0b06: 00 != cc
7758.3dfc: 00007ffbf3fd0b07 / 0x00a0b07: 00 != cc
7758.3dfc: 00007ffbf3fd0fd0 / 0x00a0fd0: 4c != e9
7758.3dfc: 00007ffbf3fd0fd1 / 0x00a0fd1: 8b != ab
7758.3dfc: 00007ffbf3fd0fd2 / 0x00a0fd2: d1 != 06
7758.3dfc: 00007ffbf3fd0fd3 / 0x00a0fd3: b8 != 18
7758.3dfc: 00007ffbf3fd0fd4 / 0x00a0fd4: 79 != 00
7758.3dfc: 00007ffbf3fd0fd5 / 0x00a0fd5: 00 != cc
7758.3dfc: 00007ffbf3fd0fd6 / 0x00a0fd6: 00 != cc
7758.3dfc: 00007ffbf3fd0fd7 / 0x00a0fd7: 00 != cc
7758.3dfc: 00007ffbf3fd1010 / 0x00a1010: 4c != e9
7758.3dfc: 00007ffbf3fd1011 / 0x00a1011: 8b != cb
7758.3dfc: 00007ffbf3fd1012 / 0x00a1012: d1 != 06
7758.3dfc: 00007ffbf3fd1013 / 0x00a1013: b8 != 18
7758.3dfc: 00007ffbf3fd1014 / 0x00a1014: 7b != 00
7758.3dfc: 00007ffbf3fd1015 / 0x00a1015: 00 != cc
7758.3dfc: 00007ffbf3fd1016 / 0x00a1016: 00 != cc
7758.3dfc: 00007ffbf3fd1017 / 0x00a1017: 00 != cc
7758.3dfc: 00007ffbf3fd1230 / 0x00a1230: 4c != e9
7758.3dfc: 00007ffbf3fd1231 / 0x00a1231: 8b != 0b
7758.3dfc: 00007ffbf3fd1232 / 0x00a1232: d1 != 05
7758.3dfc: 00007ffbf3fd1233 / 0x00a1233: b8 != 18
7758.3dfc: 00007ffbf3fd1234 / 0x00a1234: 8c != 00
7758.3dfc: 00007ffbf3fd1235 / 0x00a1235: 00 != cc
7758.3dfc: 00007ffbf3fd1236 / 0x00a1236: 00 != cc
7758.3dfc: 00007ffbf3fd1237 / 0x00a1237: 00 != cc
7758.3dfc: 00007ffbf3fd1410 / 0x00a1410: 4c != e9
7758.3dfc: 00007ffbf3fd1411 / 0x00a1411: 8b != ab
7758.3dfc: 00007ffbf3fd1412 / 0x00a1412: d1 != 0a
7758.3dfc: 00007ffbf3fd1413 / 0x00a1413: b8 != 18
7758.3dfc: 00007ffbf3fd1414 / 0x00a1414: 9b != 00
7758.3dfc: 00007ffbf3fd1415 / 0x00a1415: 00 != cc
7758.3dfc: 00007ffbf3fd1416 / 0x00a1416: 00 != cc
7758.3dfc: 00007ffbf3fd1417 / 0x00a1417: 00 != cc
7758.3dfc: 00007ffbf3fd17b0 / 0x00a17b0: 4c != e9
7758.3dfc: 00007ffbf3fd17b1 / 0x00a17b1: 8b != cb
7758.3dfc: 00007ffbf3fd17b2 / 0x00a17b2: d1 != 07
7758.3dfc: 00007ffbf3fd17b3 / 0x00a17b3: b8 != 18
7758.3dfc: 00007ffbf3fd17b4 / 0x00a17b4: b8 != 00
7758.3dfc: 00007ffbf3fd17b5 / 0x00a17b5: 00 != cc
7758.3dfc: 00007ffbf3fd17b6 / 0x00a17b6: 00 != cc
7758.3dfc: 00007ffbf3fd17b7 / 0x00a17b7: 00 != cc
7758.3dfc: 00007ffbf3fd1870 / 0x00a1870: 4c != e9
7758.3dfc: 00007ffbf3fd1872 / 0x00a1872: d1 != ed
7758.3dfc: 00007ffbf3fd1873 / 0x00a1873: b8 != 17
7758.3dfc: 00007ffbf3fd1874 / 0x00a1874: be != 00
7758.3dfc: 00007ffbf3fd1875 / 0x00a1875: 00 != cc
7758.3dfc: 00007ffbf3fd1876 / 0x00a1876: 00 != cc
7758.3dfc: 00007ffbf3fd1877 / 0x00a1877: 00 != cc
7758.3dfc: 00007ffbf3fd1930 / 0x00a1930: 4c != e9
7758.3dfc: 00007ffbf3fd1931 / 0x00a1931: 8b != cb
7758.3dfc: 00007ffbf3fd1932 / 0x00a1932: d1 != 04
7758.3dfc: 00007ffbf3fd1933 / 0x00a1933: b8 != 18
7758.3dfc: 00007ffbf3fd1934 / 0x00a1934: c4 != 00
7758.3dfc: 00007ffbf3fd1935 / 0x00a1935: 00 != cc
7758.3dfc: 00007ffbf3fd1936 / 0x00a1936: 00 != cc
7758.3dfc: 00007ffbf3fd1937 / 0x00a1937: 00 != cc
7758.3dfc: 00007ffbf3fd1970 / 0x00a1970: 4c != e9
7758.3dfc: 00007ffbf3fd1971 / 0x00a1971: 8b != cb
7758.3dfc: 00007ffbf3fd1972 / 0x00a1972: d1 != 06
7758.3dfc: 00007ffbf3fd1973 / 0x00a1973: b8 != 18
7758.3dfc: 00007ffbf3fd1974 / 0x00a1974: c6 != 00
7758.3dfc: 00007ffbf3fd1975 / 0x00a1975: 00 != cc
7758.3dfc: 00007ffbf3fd1976 / 0x00a1976: 00 != cc
7758.3dfc: 00007ffbf3fd1977 / 0x00a1977: 00 != cc
7758.3dfc: 00007ffbf3fd1990 / 0x00a1990: 4c != e9
7758.3dfc: 00007ffbf3fd1991 / 0x00a1991: 8b != ab
7758.3dfc: 00007ffbf3fd1992 / 0x00a1992: d1 != ee
7758.3dfc: 00007ffbf3fd1993 / 0x00a1993: b8 != 17
7758.3dfc: 00007ffbf3fd1994 / 0x00a1994: c7 != 00
7758.3dfc: 00007ffbf3fd1995 / 0x00a1995: 00 != cc
7758.3dfc: 00007ffbf3fd1996 / 0x00a1996: 00 != cc
7758.3dfc: 00007ffbf3fd1997 / 0x00a1997: 00 != cc
7758.3dfc: 00007ffbf3fd1a50 / 0x00a1a50: 4c != e9
7758.3dfc: 00007ffbf3fd1a51 / 0x00a1a51: 8b != 2b
7758.3dfc: 00007ffbf3fd1a52 / 0x00a1a52: d1 != 02
7758.3dfc: 00007ffbf3fd1a53 / 0x00a1a53: b8 != 18
7758.3dfc: 00007ffbf3fd1a54 / 0x00a1a54: cd != 00
7758.3dfc: 00007ffbf3fd1a55 / 0x00a1a55: 00 != cc
7758.3dfc: 00007ffbf3fd1a56 / 0x00a1a56: 00 != cc
7758.3dfc: 00007ffbf3fd1a57 / 0x00a1a57: 00 != cc
7758.3dfc: 00007ffbf3fd1a90 / 0x00a1a90: 4c != e9
7758.3dfc: 00007ffbf3fd1a91 / 0x00a1a91: 8b != 2b
7758.3dfc: 00007ffbf3fd1a92 / 0x00a1a92: d1 != ec
7758.3dfc: 00007ffbf3fd1a93 / 0x00a1a93: b8 != 17
7758.3dfc: 00007ffbf3fd1a94 / 0x00a1a94: cf != 00
7758.3dfc: 00007ffbf3fd1a95 / 0x00a1a95: 00 != cc
7758.3dfc: 00007ffbf3fd1a96 / 0x00a1a96: 00 != cc
7758.3dfc: 00007ffbf3fd1a97 / 0x00a1a97: 00 != cc
7758.3dfc: 00007ffbf3fd2230 / 0x00a2230: 4c != e9
7758.3dfc: 00007ffbf3fd2231 / 0x00a2231: 8b != ab
7758.3dfc: 00007ffbf3fd2232 / 0x00a2232: d1 != fd
7758.3dfc: 00007ffbf3fd2233 / 0x00a2233: b8 != 17
7758.3dfc: 00007ffbf3fd2234 / 0x00a2234: 0c != 00
7758.3dfc: 00007ffbf3fd2235 / 0x00a2235: 01 != cc
7758.3dfc: 00007ffbf3fd2236 / 0x00a2236: 00 != cc
7758.3dfc: 00007ffbf3fd2237 / 0x00a2237: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3fd02ce
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3fd2430 / 0x00a2430: 4c != e9
7758.3dfc: 00007ffbf3fd2431 / 0x00a2431: 8b != eb
7758.3dfc: 00007ffbf3fd2432 / 0x00a2432: d1 != e8
7758.3dfc: 00007ffbf3fd2433 / 0x00a2433: b8 != 17
7758.3dfc: 00007ffbf3fd2434 / 0x00a2434: 1c != 00
7758.3dfc: 00007ffbf3fd2435 / 0x00a2435: 01 != cc
7758.3dfc: 00007ffbf3fd2436 / 0x00a2436: 00 != cc
7758.3dfc: 00007ffbf3fd2437 / 0x00a2437: 00 != cc
7758.3dfc: 00007ffbf3fd2e10 / 0x00a2e10: 4c != e9
7758.3dfc: 00007ffbf3fd2e11 / 0x00a2e11: 8b != eb
7758.3dfc: 00007ffbf3fd2e12 / 0x00a2e12: d1 != e9
7758.3dfc: 00007ffbf3fd2e13 / 0x00a2e13: b8 != 17
7758.3dfc: 00007ffbf3fd2e14 / 0x00a2e14: 6b != 00
7758.3dfc: 00007ffbf3fd2e15 / 0x00a2e15: 01 != cc
7758.3dfc: 00007ffbf3fd2e16 / 0x00a2e16: 00 != cc
7758.3dfc: 00007ffbf3fd2e17 / 0x00a2e17: 00 != cc
7758.3dfc: 00007ffbf3fd2eb0 / 0x00a2eb0: 4c != e9
7758.3dfc: 00007ffbf3fd2eb1 / 0x00a2eb1: 8b != eb
7758.3dfc: 00007ffbf3fd2eb2 / 0x00a2eb2: d1 != dc
7758.3dfc: 00007ffbf3fd2eb3 / 0x00a2eb3: b8 != 17
7758.3dfc: 00007ffbf3fd2eb4 / 0x00a2eb4: 70 != 00
7758.3dfc: 00007ffbf3fd2eb5 / 0x00a2eb5: 01 != cc
7758.3dfc: 00007ffbf3fd2eb6 / 0x00a2eb6: 00 != cc
7758.3dfc: 00007ffbf3fd2eb7 / 0x00a2eb7: 00 != cc
7758.3dfc: 00007ffbf3fd2ed0 / 0x00a2ed0: 4c != e9
7758.3dfc: 00007ffbf3fd2ed1 / 0x00a2ed1: 8b != eb
7758.3dfc: 00007ffbf3fd2ed2 / 0x00a2ed2: d1 != f5
7758.3dfc: 00007ffbf3fd2ed3 / 0x00a2ed3: b8 != 17
7758.3dfc: 00007ffbf3fd2ed4 / 0x00a2ed4: 71 != 00
7758.3dfc: 00007ffbf3fd2ed5 / 0x00a2ed5: 01 != cc
7758.3dfc: 00007ffbf3fd2ed6 / 0x00a2ed6: 00 != cc
7758.3dfc: 00007ffbf3fd2ed7 / 0x00a2ed7: 00 != cc
7758.3dfc: 00007ffbf3fd2f10 / 0x00a2f10: 4c != e9
7758.3dfc: 00007ffbf3fd2f11 / 0x00a2f11: 8b != ab
7758.3dfc: 00007ffbf3fd2f12 / 0x00a2f12: d1 != d4
7758.3dfc: 00007ffbf3fd2f13 / 0x00a2f13: b8 != 17
7758.3dfc: 00007ffbf3fd2f14 / 0x00a2f14: 73 != 00
7758.3dfc: 00007ffbf3fd2f15 / 0x00a2f15: 01 != cc
7758.3dfc: 00007ffbf3fd2f16 / 0x00a2f16: 00 != cc
7758.3dfc: 00007ffbf3fd2f17 / 0x00a2f17: 00 != cc
7758.3dfc: 00007ffbf3fd3250 / 0x00a3250: 4c != e9
7758.3dfc: 00007ffbf3fd3251 / 0x00a3251: 8b != 0b
7758.3dfc: 00007ffbf3fd3252 / 0x00a3252: d1 != ec
7758.3dfc: 00007ffbf3fd3253 / 0x00a3253: b8 != 17
7758.3dfc: 00007ffbf3fd3254 / 0x00a3254: 8d != 00
7758.3dfc: 00007ffbf3fd3255 / 0x00a3255: 01 != cc
7758.3dfc: 00007ffbf3fd3256 / 0x00a3256: 00 != cc
7758.3dfc: 00007ffbf3fd3257 / 0x00a3257: 00 != cc
7758.3dfc: 00007ffbf3fd33b0 / 0x00a33b0: 4c != e9
7758.3dfc: 00007ffbf3fd33b1 / 0x00a33b1: 8b != 4b
7758.3dfc: 00007ffbf3fd33b2 / 0x00a33b2: d1 != d8
7758.3dfc: 00007ffbf3fd33b3 / 0x00a33b3: b8 != 17
7758.3dfc: 00007ffbf3fd33b4 / 0x00a33b4: 98 != 00
7758.3dfc: 00007ffbf3fd33b5 / 0x00a33b5: 01 != cc
7758.3dfc: 00007ffbf3fd33b6 / 0x00a33b6: 00 != cc
7758.3dfc: 00007ffbf3fd33b7 / 0x00a33b7: 00 != cc
7758.3dfc: 00007ffbf3fd3610 / 0x00a3610: 4c != e9
7758.3dfc: 00007ffbf3fd3611 / 0x00a3611: 8b != 0b
7758.3dfc: 00007ffbf3fd3612 / 0x00a3612: d1 != e9
7758.3dfc: 00007ffbf3fd3613 / 0x00a3613: b8 != 17
7758.3dfc: 00007ffbf3fd3614 / 0x00a3614: ab != 00
7758.3dfc: 00007ffbf3fd3615 / 0x00a3615: 01 != cc
7758.3dfc: 00007ffbf3fd3616 / 0x00a3616: 00 != cc
7758.3dfc: 00007ffbf3fd3617 / 0x00a3617: 00 != cc
7758.3dfc: 00007ffbf3fd37b0 / 0x00a37b0: 4c != e9
7758.3dfc: 00007ffbf3fd37b1 / 0x00a37b1: 8b != eb
7758.3dfc: 00007ffbf3fd37b2 / 0x00a37b2: d1 != df
7758.3dfc: 00007ffbf3fd37b3 / 0x00a37b3: b8 != 17
7758.3dfc: 00007ffbf3fd37b4 / 0x00a37b4: b8 != 00
7758.3dfc: 00007ffbf3fd37b5 / 0x00a37b5: 01 != cc
7758.3dfc: 00007ffbf3fd37b6 / 0x00a37b6: 00 != cc
7758.3dfc: 00007ffbf3fd37b7 / 0x00a37b7: 00 != cc
7758.3dfc: 00007ffbf3fd3910 / 0x00a3910: 4c != e9
7758.3dfc: 00007ffbf3fd3911 / 0x00a3911: 8b != cb
7758.3dfc: 00007ffbf3fd3912 / 0x00a3912: d1 != e9
7758.3dfc: 00007ffbf3fd3913 / 0x00a3913: b8 != 17
7758.3dfc: 00007ffbf3fd3914 / 0x00a3914: c3 != 00
7758.3dfc: 00007ffbf3fd3915 / 0x00a3915: 01 != cc
7758.3dfc: 00007ffbf3fd3916 / 0x00a3916: 00 != cc
7758.3dfc: 00007ffbf3fd3917 / 0x00a3917: 00 != cc
7758.3dfc: 00007ffbf3fd3a30 / 0x00a3a30: 4c != e9
7758.3dfc: 00007ffbf3fd3a31 / 0x00a3a31: 8b != 0b
7758.3dfc: 00007ffbf3fd3a32 / 0x00a3a32: d1 != e9
7758.3dfc: 00007ffbf3fd3a33 / 0x00a3a33: b8 != 17
7758.3dfc: 00007ffbf3fd3a34 / 0x00a3a34: cc != 00
7758.3dfc: 00007ffbf3fd3a35 / 0x00a3a35: 01 != cc
7758.3dfc: 00007ffbf3fd3a36 / 0x00a3a36: 00 != cc
7758.3dfc: 00007ffbf3fd3a37 / 0x00a3a37: 00 != cc
7758.3dfc: Restored 0x1d02 bytes of original file content at 00007ffbf3fd22ce
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf4016f40 / 0x00e6f40: 4c != e9
7758.3dfc: 00007ffbf4016f41 / 0x00e6f41: 8b != 7b
7758.3dfc: 00007ffbf4016f42 / 0x00e6f42: c2 != a9
7758.3dfc: 00007ffbf4016f43 / 0x00e6f43: 41 != 13
7758.3dfc: 00007ffbf4016f44 / 0x00e6f44: b9 != 00
7758.3dfc: 00007ffbf4016f46 / 0x00e6f46: 02 != cc
7758.3dfc: 00007ffbf4016f47 / 0x00e6f47: 00 != cc
7758.3dfc: 00007ffbf4016f48 / 0x00e6f48: 00 != cc
7758.3dfc: 00007ffbf40173d0 / 0x00e73d0: 48 != e9
7758.3dfc: 00007ffbf40173d1 / 0x00e73d1: 8b != 4b
7758.3dfc: 00007ffbf40173d2 / 0x00e73d2: c4 != 90
7758.3dfc: 00007ffbf40173d3 / 0x00e73d3: 48 != 13
7758.3dfc: 00007ffbf40173d4 / 0x00e73d4: 89 != 00
7758.3dfc: 00007ffbf40173d5 / 0x00e73d5: 58 != cc
7758.3dfc: 00007ffbf40173d6 / 0x00e73d6: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf401614e
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf4057b60 / 0x0127b60: 48 != e9
7758.3dfc: 00007ffbf4057b61 / 0x0127b61: 8b != 1b
7758.3dfc: 00007ffbf4057b62 / 0x0127b62: c4 != a7
7758.3dfc: 00007ffbf4057b63 / 0x0127b63: 48 != 0f
7758.3dfc: 00007ffbf4057b64 / 0x0127b64: 89 != 00
7758.3dfc: 00007ffbf4057b65 / 0x0127b65: 58 != cc
7758.3dfc: 00007ffbf4057b66 / 0x0127b66: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf405614e
7758.3dfc: ntdll.dll: Differences in section #9 (.00cfg) between file and memory:
7758.3dfc: 00007ffbf40cf000 / 0x019f000: 80 != 30
7758.3dfc: 00007ffbf40cf001 / 0x019f001: 3d != f2
7758.3dfc: 00007ffbf40cf002 / 0x019f002: fd != fb
7758.3dfc: 00007ffbf40cf008 / 0x019f008: e0 != f0
7758.3dfc: 00007ffbf40cf009 / 0x019f009: ef != f0
7758.3dfc: 00007ffbf40cf010 / 0x019f010: a0 != 30
7758.3dfc: 00007ffbf40cf011 / 0x019f011: 3d != f2
7758.3dfc: 00007ffbf40cf012 / 0x019f012: fd != fb
7758.3dfc: 00007ffbf40cf018 / 0x019f018: a0 != 30
7758.3dfc: 00007ffbf40cf019 / 0x019f019: 3d != f2
7758.3dfc: 00007ffbf40cf01a / 0x019f01a: fd != fb
7758.3dfc: Restored 0x28 bytes of original file content at 00007ffbf40cf000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3024550 / 0x0014550: 4c != e9
7758.3dfc: 00007ffbf3024551 / 0x0014551: 8b != eb
7758.3dfc: 00007ffbf3024552 / 0x0014552: dc != bf
7758.3dfc: 00007ffbf3024553 / 0x0014553: 53 != 12
7758.3dfc: 00007ffbf3024554 / 0x0014554: 56 != 01
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3023000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf30342d0 / 0x00242d0: 89 != e9
7758.3dfc: 00007ffbf30342d1 / 0x00242d1: 54 != 8b
7758.3dfc: 00007ffbf30342d2 / 0x00242d2: 24 != c9
7758.3dfc: 00007ffbf30342d3 / 0x00242d3: 10 != 11
7758.3dfc: 00007ffbf30342d4 / 0x00242d4: 89 != 01
7758.3dfc: 00007ffbf30342d5 / 0x00242d5: 4c != cc
7758.3dfc: 00007ffbf30342d6 / 0x00242d6: 24 != cc
7758.3dfc: 00007ffbf30342d7 / 0x00242d7: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3033000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3037300 / 0x0027300: 48 != e9
7758.3dfc: 00007ffbf3037301 / 0x0027301: 83 != 9b
7758.3dfc: 00007ffbf3037302 / 0x0027302: ec != 9b
7758.3dfc: 00007ffbf3037303 / 0x0027303: 38 != 11
7758.3dfc: 00007ffbf3037304 / 0x0027304: 48 != 01
7758.3dfc: 00007ffbf3037305 / 0x0027305: 83 != cc
7758.3dfc: 00007ffbf3037306 / 0x0027306: 64 != cc
7758.3dfc: 00007ffbf3037307 / 0x0027307: 24 != cc
7758.3dfc: 00007ffbf3037308 / 0x0027308: 28 != cc
7758.3dfc: 00007ffbf3037309 / 0x0027309: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3037000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf30727a0 / 0x00627a0: 48 != e9
7758.3dfc: 00007ffbf30727a1 / 0x00627a1: 89 != fb
7758.3dfc: 00007ffbf30727a2 / 0x00627a2: 5c != f8
7758.3dfc: 00007ffbf30727a3 / 0x00627a3: 24 != 0d
7758.3dfc: 00007ffbf30727a4 / 0x00627a4: 08 != 01
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3071000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3073300 / 0x0063300: 48 != e9
7758.3dfc: 00007ffbf3073301 / 0x0063301: 8b != db
7758.3dfc: 00007ffbf3073302 / 0x0063302: c4 != e9
7758.3dfc: 00007ffbf3073303 / 0x0063303: 48 != 0d
7758.3dfc: 00007ffbf3073304 / 0x0063304: 89 != 01
7758.3dfc: 00007ffbf3073305 / 0x0063305: 58 != cc
7758.3dfc: 00007ffbf3073306 / 0x0063306: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3073000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf30750f0 / 0x00650f0: 48 != e9
7758.3dfc: 00007ffbf30750f1 / 0x00650f1: 83 != 6b
7758.3dfc: 00007ffbf30750f2 / 0x00650f2: ec != be
7758.3dfc: 00007ffbf30750f3 / 0x00650f3: 38 != 0d
7758.3dfc: 00007ffbf30750f4 / 0x00650f4: 48 != 01
7758.3dfc: 00007ffbf30750f5 / 0x00650f5: 83 != cc
7758.3dfc: 00007ffbf30750f6 / 0x00650f6: 64 != cc
7758.3dfc: 00007ffbf30750f7 / 0x00650f7: 24 != cc
7758.3dfc: 00007ffbf30750f8 / 0x00650f8: 28 != cc
7758.3dfc: 00007ffbf30750f9 / 0x00650f9: 00 != cc
7758.3dfc: 00007ffbf30761e0 / 0x00661e0: 48 != e9
7758.3dfc: 00007ffbf30761e1 / 0x00661e1: 89 != fb
7758.3dfc: 00007ffbf30761e2 / 0x00661e2: 5c != ab
7758.3dfc: 00007ffbf30761e3 / 0x00661e3: 24 != 0d
7758.3dfc: 00007ffbf30761e4 / 0x00661e4: 08 != 01
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3075000
7758.3dfc: kernel32.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3078600 / 0x0068600: 48 != e9
7758.3dfc: 00007ffbf3078601 / 0x0068601: 8b != 5b
7758.3dfc: 00007ffbf3078602 / 0x0068602: c4 != 9b
7758.3dfc: 00007ffbf3078603 / 0x0068603: 48 != 0d
7758.3dfc: 00007ffbf3078604 / 0x0068604: 89 != 01
7758.3dfc: 00007ffbf3078605 / 0x0068605: 58 != cc
7758.3dfc: 00007ffbf3078606 / 0x0068606: 10 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3077000
7758.3dfc: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
7758.3dfc: 00007ffbf3094910 / 0x0084910: f0 != 50
7758.3dfc: 00007ffbf3094911 / 0x0084911: b7 != be
7758.3dfc: 00007ffbf3094912 / 0x0084912: 54 != 40
7758.3dfc: 00007ffbf3094913 / 0x0084913: f1 != ed
7758.3dfc: 00007ffbf3095bc0 / 0x0085bc0: b0 != 00
7758.3dfc: 00007ffbf3095bc1 / 0x0085bc1: 0c != 84
7758.3dfc: 00007ffbf3095bc2 / 0x0085bc2: fd != 40
7758.3dfc: 00007ffbf3095bc3 / 0x0085bc3: f3 != ed
7758.3dfc: 00007ffbf3095fe0 / 0x0085fe0: a0 != 90
7758.3dfc: 00007ffbf3095fe1 / 0x0085fe1: 05 != 79
7758.3dfc: 00007ffbf3095fe2 / 0x0085fe2: fd != 3d
7758.3dfc: 00007ffbf3095fe3 / 0x0085fe3: f3 != ed
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3094000
7758.3dfc: kernel32.dll: Differences in section #2 (.rdata) between file and memory:
7758.3dfc: 00007ffbf3096160 / 0x0086160: 60 != 10
7758.3dfc: 00007ffbf3096161 / 0x0086161: 0b != 82
7758.3dfc: 00007ffbf3096162 / 0x0086162: fd != 40
7758.3dfc: 00007ffbf3096163 / 0x0086163: f3 != ed
7758.3dfc: 00007ffbf3096548 / 0x0086548: 60 != 10
7758.3dfc: 00007ffbf3096549 / 0x0086549: 0b != 82
7758.3dfc: 00007ffbf309654a / 0x008654a: fd != 40
7758.3dfc: 00007ffbf309654b / 0x008654b: f3 != ed
7758.3dfc: 00007ffbf30966b8 / 0x00866b8: 70 != f0
7758.3dfc: 00007ffbf30966b9 / 0x00866b9: ff != f0
7758.3dfc: 00007ffbf30966ba / 0x00866ba: 02 != fb
7758.3dfc: 00007ffbf30966c0 / 0x00866c0: 10 != 30
7758.3dfc: 00007ffbf30966c1 / 0x00866c1: 42 != f2
7758.3dfc: 00007ffbf30966c2 / 0x00866c2: 03 != fb
7758.3dfc: 00007ffbf30966c8 / 0x00866c8: 70 != f0
7758.3dfc: 00007ffbf30966c9 / 0x00866c9: ff != f0
7758.3dfc: 00007ffbf30966ca / 0x00866ca: 02 != fb
7758.3dfc: 00007ffbf30966d1 / 0x00866d1: 42 != f2
7758.3dfc: 00007ffbf30966d2 / 0x00866d2: 03 != fb
7758.3dfc: 00007ffbf30966d9 / 0x00866d9: 42 != f2
7758.3dfc: 00007ffbf30966da / 0x00866da: 03 != fb
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3096000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1531e10 / 0x0011e10: 40 != e9
7758.3dfc: 00007ffbf1531e11 / 0x0011e11: 53 != 2b
7758.3dfc: 00007ffbf1531e12 / 0x0011e12: 57 != f3
7758.3dfc: 00007ffbf1531e13 / 0x0011e13: 41 != c1
7758.3dfc: 00007ffbf1531e14 / 0x0011e14: 56 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1531000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1536830 / 0x0016830: 65 != e9
7758.3dfc: 00007ffbf1536831 / 0x0016831: 48 != cb
7758.3dfc: 00007ffbf1536832 / 0x0016832: 8b != bb
7758.3dfc: 00007ffbf1536833 / 0x0016833: 04 != c1
7758.3dfc: 00007ffbf1536834 / 0x0016834: 25 != 02
7758.3dfc: 00007ffbf1536835 / 0x0016835: 60 != cc
7758.3dfc: 00007ffbf1536836 / 0x0016836: 00 != cc
7758.3dfc: 00007ffbf1536837 / 0x0016837: 00 != cc
7758.3dfc: 00007ffbf1536838 / 0x0016838: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1535000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1549270 / 0x0029270: 40 != e9
7758.3dfc: 00007ffbf1549271 / 0x0029271: 53 != 0b
7758.3dfc: 00007ffbf1549272 / 0x0029272: 48 != 7b
7758.3dfc: 00007ffbf1549273 / 0x0029273: 83 != c0
7758.3dfc: 00007ffbf1549274 / 0x0029274: ec != 02
7758.3dfc: 00007ffbf1549275 / 0x0029275: 20 != cc
7758.3dfc: 00007ffbf1549d10 / 0x0029d10: 48 != e9
7758.3dfc: 00007ffbf1549d11 / 0x0029d11: 89 != ab
7758.3dfc: 00007ffbf1549d12 / 0x0029d12: 5c != 84
7758.3dfc: 00007ffbf1549d13 / 0x0029d13: 24 != c0
7758.3dfc: 00007ffbf1549d14 / 0x0029d14: 18 != 02
7758.3dfc: 00007ffbf1549e70 / 0x0029e70: 48 != e9
7758.3dfc: 00007ffbf1549e71 / 0x0029e71: 8b != ab
7758.3dfc: 00007ffbf1549e72 / 0x0029e72: c4 != 83
7758.3dfc: 00007ffbf1549e73 / 0x0029e73: 48 != c0
7758.3dfc: 00007ffbf1549e74 / 0x0029e74: 89 != 02
7758.3dfc: 00007ffbf1549e75 / 0x0029e75: 58 != cc
7758.3dfc: 00007ffbf1549e76 / 0x0029e76: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1549000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1552a90 / 0x0032a90: 48 != e9
7758.3dfc: 00007ffbf1552a91 / 0x0032a91: 89 != 8b
7758.3dfc: 00007ffbf1552a92 / 0x0032a92: 5c != e5
7758.3dfc: 00007ffbf1552a93 / 0x0032a93: 24 != bf
7758.3dfc: 00007ffbf1552a94 / 0x0032a94: 08 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1551000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf155bee0 / 0x003bee0: 40 != e9
7758.3dfc: 00007ffbf155bee1 / 0x003bee1: 53 != 9b
7758.3dfc: 00007ffbf155bee2 / 0x003bee2: 48 != 5a
7758.3dfc: 00007ffbf155bee3 / 0x003bee3: 81 != bf
7758.3dfc: 00007ffbf155bee4 / 0x003bee4: ec != 02
7758.3dfc: 00007ffbf155bee5 / 0x003bee5: 80 != cc
7758.3dfc: 00007ffbf155bee6 / 0x003bee6: 00 != cc
7758.3dfc: 00007ffbf155bee7 / 0x003bee7: 00 != cc
7758.3dfc: 00007ffbf155bee8 / 0x003bee8: 00 != cc
7758.3dfc: 00007ffbf155bf70 / 0x003bf70: 40 != e9
7758.3dfc: 00007ffbf155bf71 / 0x003bf71: 53 != 6b
7758.3dfc: 00007ffbf155bf72 / 0x003bf72: 48 != 5a
7758.3dfc: 00007ffbf155bf73 / 0x003bf73: 81 != bf
7758.3dfc: 00007ffbf155bf74 / 0x003bf74: ec != 02
7758.3dfc: 00007ffbf155bf75 / 0x003bf75: 80 != cc
7758.3dfc: 00007ffbf155bf76 / 0x003bf76: 00 != cc
7758.3dfc: 00007ffbf155bf77 / 0x003bf77: 00 != cc
7758.3dfc: 00007ffbf155bf78 / 0x003bf78: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf155b000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15642e0 / 0x00442e0: 4c != e9
7758.3dfc: 00007ffbf15642e1 / 0x00442e1: 8b != 9b
7758.3dfc: 00007ffbf15642e2 / 0x00442e2: dc != c4
7758.3dfc: 00007ffbf15642e3 / 0x00442e3: 53 != be
7758.3dfc: 00007ffbf15642e4 / 0x00442e4: 56 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1563000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15651c0 / 0x00451c0: 40 != e9
7758.3dfc: 00007ffbf15651c1 / 0x00451c1: 53 != 9b
7758.3dfc: 00007ffbf15651c2 / 0x00451c2: 56 != b7
7758.3dfc: 00007ffbf15651c3 / 0x00451c3: 57 != be
7758.3dfc: 00007ffbf15651c4 / 0x00451c4: 41 != 02
7758.3dfc: 00007ffbf15651c5 / 0x00451c5: 54 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1565000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1579720 / 0x0059720: 40 != e9
7758.3dfc: 00007ffbf1579721 / 0x0059721: 53 != bb
7758.3dfc: 00007ffbf1579722 / 0x0059722: 55 != 7c
7758.3dfc: 00007ffbf1579723 / 0x0059723: 56 != bd
7758.3dfc: 00007ffbf1579724 / 0x0059724: 57 != 02
7758.3dfc: 00007ffbf1579800 / 0x0059800: 48 != e9
7758.3dfc: 00007ffbf1579801 / 0x0059801: 83 != fb
7758.3dfc: 00007ffbf1579802 / 0x0059802: ec != 7c
7758.3dfc: 00007ffbf1579803 / 0x0059803: 38 != bd
7758.3dfc: 00007ffbf1579804 / 0x0059804: c7 != 02
7758.3dfc: 00007ffbf1579805 / 0x0059805: 44 != cc
7758.3dfc: 00007ffbf1579806 / 0x0059806: 24 != cc
7758.3dfc: 00007ffbf1579807 / 0x0059807: 20 != cc
7758.3dfc: 00007ffbf1579808 / 0x0059808: 01 != cc
7758.3dfc: 00007ffbf1579809 / 0x0059809: 00 != cc
7758.3dfc: 00007ffbf157980a / 0x005980a: 00 != cc
7758.3dfc: 00007ffbf157980b / 0x005980b: 00 != cc
7758.3dfc: 00007ffbf1579a50 / 0x0059a50: 40 != e9
7758.3dfc: 00007ffbf1579a51 / 0x0059a51: 53 != eb
7758.3dfc: 00007ffbf1579a52 / 0x0059a52: 55 != 79
7758.3dfc: 00007ffbf1579a53 / 0x0059a53: 56 != bd
7758.3dfc: 00007ffbf1579a54 / 0x0059a54: 57 != 02
7758.3dfc: 00007ffbf1579c00 / 0x0059c00: 48 != e9
7758.3dfc: 00007ffbf1579c01 / 0x0059c01: 89 != 9b
7758.3dfc: 00007ffbf1579c02 / 0x0059c02: 5c != 78
7758.3dfc: 00007ffbf1579c03 / 0x0059c03: 24 != bd
7758.3dfc: 00007ffbf1579c04 / 0x0059c04: 20 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1579000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1581ac0 / 0x0061ac0: 48 != e9
7758.3dfc: 00007ffbf1581ac1 / 0x0061ac1: 8b != fb
7758.3dfc: 00007ffbf1581ac2 / 0x0061ac2: c4 != 00
7758.3dfc: 00007ffbf1581ac3 / 0x0061ac3: 48 != bd
7758.3dfc: 00007ffbf1581ac4 / 0x0061ac4: 89 != 02
7758.3dfc: 00007ffbf1581ac5 / 0x0061ac5: 58 != cc
7758.3dfc: 00007ffbf1581ac6 / 0x0061ac6: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1581000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf158d500 / 0x006d500: 48 != e9
7758.3dfc: 00007ffbf158d501 / 0x006d501: 89 != fb
7758.3dfc: 00007ffbf158d502 / 0x006d502: 5c != 45
7758.3dfc: 00007ffbf158d503 / 0x006d503: 24 != bc
7758.3dfc: 00007ffbf158d504 / 0x006d504: 10 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf158d000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf158fb10 / 0x006fb10: 4c != e9
7758.3dfc: 00007ffbf158fb11 / 0x006fb11: 8b != 0b
7758.3dfc: 00007ffbf158fb12 / 0x006fb12: dc != 0f
7758.3dfc: 00007ffbf158fb13 / 0x006fb13: 48 != bc
7758.3dfc: 00007ffbf158fb14 / 0x006fb14: 83 != 02
7758.3dfc: 00007ffbf158fb15 / 0x006fb15: ec != cc
7758.3dfc: 00007ffbf158fb16 / 0x006fb16: 68 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf158f000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15956c0 / 0x00756c0: 45 != e9
7758.3dfc: 00007ffbf15956c1 / 0x00756c1: 33 != 1b
7758.3dfc: 00007ffbf15956c2 / 0x00756c2: c9 != b4
7758.3dfc: 00007ffbf15956c3 / 0x00756c3: e9 != bb
7758.3dfc: 00007ffbf15956c4 / 0x00756c4: 08 != 02
7758.3dfc: 00007ffbf15956c5 / 0x00756c5: 00 != cc
7758.3dfc: 00007ffbf15956c6 / 0x00756c6: 00 != cc
7758.3dfc: 00007ffbf15956c7 / 0x00756c7: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1595000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1599270 / 0x0079270: 40 != e9
7758.3dfc: 00007ffbf1599271 / 0x0079271: 53 != 6b
7758.3dfc: 00007ffbf1599272 / 0x0079272: 48 != 72
7758.3dfc: 00007ffbf1599273 / 0x0079273: 83 != bb
7758.3dfc: 00007ffbf1599274 / 0x0079274: ec != 02
7758.3dfc: 00007ffbf1599275 / 0x0079275: 30 != cc
7758.3dfc: 00007ffbf159aa70 / 0x007aa70: 48 != e9
7758.3dfc: 00007ffbf159aa71 / 0x007aa71: 83 != 8b
7758.3dfc: 00007ffbf159aa72 / 0x007aa72: ec != 64
7758.3dfc: 00007ffbf159aa73 / 0x007aa73: 38 != bb
7758.3dfc: 00007ffbf159aa74 / 0x007aa74: 44 != 02
7758.3dfc: 00007ffbf159aa75 / 0x007aa75: 89 != cc
7758.3dfc: 00007ffbf159aa76 / 0x007aa76: 44 != cc
7758.3dfc: 00007ffbf159aa77 / 0x007aa77: 24 != cc
7758.3dfc: 00007ffbf159aa78 / 0x007aa78: 20 != cc
7758.3dfc: 00007ffbf159aaa0 / 0x007aaa0: 48 != e9
7758.3dfc: 00007ffbf159aaa1 / 0x007aaa1: 8b != 1b
7758.3dfc: 00007ffbf159aaa2 / 0x007aaa2: c4 != 65
7758.3dfc: 00007ffbf159aaa3 / 0x007aaa3: 48 != bb
7758.3dfc: 00007ffbf159aaa4 / 0x007aaa4: 89 != 02
7758.3dfc: 00007ffbf159aaa5 / 0x007aaa5: 58 != cc
7758.3dfc: 00007ffbf159aaa6 / 0x007aaa6: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1599000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf159cba0 / 0x007cba0: 89 != e9
7758.3dfc: 00007ffbf159cba1 / 0x007cba1: 4c != fb
7758.3dfc: 00007ffbf159cba2 / 0x007cba2: 24 != 4e
7758.3dfc: 00007ffbf159cba3 / 0x007cba3: 08 != bb
7758.3dfc: 00007ffbf159cba4 / 0x007cba4: 48 != 02
7758.3dfc: 00007ffbf159cba5 / 0x007cba5: 83 != cc
7758.3dfc: 00007ffbf159cba6 / 0x007cba6: ec != cc
7758.3dfc: 00007ffbf159cba7 / 0x007cba7: 38 != cc
7758.3dfc: 00007ffbf159cc10 / 0x007cc10: 48 != e9
7758.3dfc: 00007ffbf159cc11 / 0x007cc11: 8b != eb
7758.3dfc: 00007ffbf159cc12 / 0x007cc12: c4 != 54
7758.3dfc: 00007ffbf159cc13 / 0x007cc13: 48 != bb
7758.3dfc: 00007ffbf159cc14 / 0x007cc14: 89 != 02
7758.3dfc: 00007ffbf159cc15 / 0x007cc15: 58 != cc
7758.3dfc: 00007ffbf159cc16 / 0x007cc16: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf159b000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf159ea50 / 0x007ea50: 4c != e9
7758.3dfc: 00007ffbf159ea52 / 0x007ea52: dc != 26
7758.3dfc: 00007ffbf159ea53 / 0x007ea53: 48 != bb
7758.3dfc: 00007ffbf159ea54 / 0x007ea54: 83 != 02
7758.3dfc: 00007ffbf159ea55 / 0x007ea55: ec != cc
7758.3dfc: 00007ffbf159ea56 / 0x007ea56: 68 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf159d000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15a0730 / 0x0080730: 45 != e9
7758.3dfc: 00007ffbf15a0731 / 0x0080731: 33 != cb
7758.3dfc: 00007ffbf15a0732 / 0x0080732: c0 != 0a
7758.3dfc: 00007ffbf15a0733 / 0x0080733: 33 != bb
7758.3dfc: 00007ffbf15a0734 / 0x0080734: d2 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf159f000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15a1e20 / 0x0081e20: 48 != e9
7758.3dfc: 00007ffbf15a1e21 / 0x0081e21: 89 != 7b
7758.3dfc: 00007ffbf15a1e22 / 0x0081e22: 5c != f3
7758.3dfc: 00007ffbf15a1e23 / 0x0081e23: 24 != ba
7758.3dfc: 00007ffbf15a1e24 / 0x0081e24: 08 != 02
7758.3dfc: 00007ffbf15a26c0 / 0x00826c0: 48 != e9
7758.3dfc: 00007ffbf15a26c1 / 0x00826c1: 89 != 7b
7758.3dfc: 00007ffbf15a26c2 / 0x00826c2: 5c != f3
7758.3dfc: 00007ffbf15a26c3 / 0x00826c3: 24 != ba
7758.3dfc: 00007ffbf15a26c4 / 0x00826c4: 08 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf15a1000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15a4230 / 0x0084230: 4c != e9
7758.3dfc: 00007ffbf15a4231 / 0x0084231: 8b != 4b
7758.3dfc: 00007ffbf15a4232 / 0x0084232: dc != ce
7758.3dfc: 00007ffbf15a4233 / 0x0084233: 48 != ba
7758.3dfc: 00007ffbf15a4234 / 0x0084234: 83 != 02
7758.3dfc: 00007ffbf15a4235 / 0x0084235: ec != cc
7758.3dfc: 00007ffbf15a4236 / 0x0084236: 68 != cc
7758.3dfc: 00007ffbf15a42b0 / 0x00842b0: 4c != e9
7758.3dfc: 00007ffbf15a42b1 / 0x00842b1: 89 != 4b
7758.3dfc: 00007ffbf15a42b2 / 0x00842b2: 4c != c6
7758.3dfc: 00007ffbf15a42b3 / 0x00842b3: 24 != ba
7758.3dfc: 00007ffbf15a42b4 / 0x00842b4: 20 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf15a3000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15a7090 / 0x0087090: 48 != e9
7758.3dfc: 00007ffbf15a7091 / 0x0087091: 89 != cb
7758.3dfc: 00007ffbf15a7092 / 0x0087092: 5c != a1
7758.3dfc: 00007ffbf15a7093 / 0x0087093: 24 != ba
7758.3dfc: 00007ffbf15a7094 / 0x0087094: 08 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf15a7000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15a9750 / 0x0089750: 48 != e9
7758.3dfc: 00007ffbf15a9751 / 0x0089751: 89 != 0b
7758.3dfc: 00007ffbf15a9752 / 0x0089752: 5c != 8d
7758.3dfc: 00007ffbf15a9753 / 0x0089753: 24 != ba
7758.3dfc: 00007ffbf15a9754 / 0x0089754: 10 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf15a9000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf15ce2c0 / 0x00ae2c0: 48 != e9
7758.3dfc: 00007ffbf15ce2c1 / 0x00ae2c1: 83 != db
7758.3dfc: 00007ffbf15ce2c2 / 0x00ae2c2: ec != 1f
7758.3dfc: 00007ffbf15ce2c3 / 0x00ae2c3: 38 != b8
7758.3dfc: 00007ffbf15ce2c4 / 0x00ae2c4: 33 != 02
7758.3dfc: 00007ffbf15ce2c5 / 0x00ae2c5: c0 != cc
7758.3dfc: 00007ffbf15ce2f0 / 0x00ae2f0: 48 != e9
7758.3dfc: 00007ffbf15ce2f1 / 0x00ae2f1: 83 != 6b
7758.3dfc: 00007ffbf15ce2f2 / 0x00ae2f2: ec != 20
7758.3dfc: 00007ffbf15ce2f3 / 0x00ae2f3: 38 != b8
7758.3dfc: 00007ffbf15ce2f4 / 0x00ae2f4: b8 != 02
7758.3dfc: 00007ffbf15ce2f5 / 0x00ae2f5: 03 != cc
7758.3dfc: 00007ffbf15ce2f6 / 0x00ae2f6: 00 != cc
7758.3dfc: 00007ffbf15ce2f7 / 0x00ae2f7: 00 != cc
7758.3dfc: 00007ffbf15ce2f8 / 0x00ae2f8: 00 != cc
7758.3dfc: 00007ffbf15ce6d0 / 0x00ae6d0: 48 != e9
7758.3dfc: 00007ffbf15ce6d1 / 0x00ae6d1: 89 != 0b
7758.3dfc: 00007ffbf15ce6d2 / 0x00ae6d2: 5c != 1b
7758.3dfc: 00007ffbf15ce6d3 / 0x00ae6d3: 24 != b8
7758.3dfc: 00007ffbf15ce6d4 / 0x00ae6d4: 08 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf15cd000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf16049d1 / 0x00e49d1: 9b != eb
7758.3dfc: 00007ffbf16049d2 / 0x00e49d2: 55 != cb
7758.3dfc: 00007ffbf16049d3 / 0x00e49d3: 07 != b4
7758.3dfc: 00007ffbf16049d4 / 0x00e49d4: 00 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1603000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1606160 / 0x00e6160: 48 != e9
7758.3dfc: 00007ffbf1606161 / 0x00e6161: 8b != fb
7758.3dfc: 00007ffbf1606162 / 0x00e6162: c4 != b3
7758.3dfc: 00007ffbf1606163 / 0x00e6163: 48 != b4
7758.3dfc: 00007ffbf1606164 / 0x00e6164: 89 != 02
7758.3dfc: 00007ffbf1606165 / 0x00e6165: 58 != cc
7758.3dfc: 00007ffbf1606166 / 0x00e6166: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1605000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1607760 / 0x00e7760: 48 != e9
7758.3dfc: 00007ffbf1607761 / 0x00e7761: 83 != 9b
7758.3dfc: 00007ffbf1607762 / 0x00e7762: ec != 8b
7758.3dfc: 00007ffbf1607763 / 0x00e7763: 38 != b4
7758.3dfc: 00007ffbf1607764 / 0x00e7764: b8 != 02
7758.3dfc: 00007ffbf1607765 / 0x00e7765: 03 != cc
7758.3dfc: 00007ffbf1607766 / 0x00e7766: 00 != cc
7758.3dfc: 00007ffbf1607767 / 0x00e7767: 00 != cc
7758.3dfc: 00007ffbf1607768 / 0x00e7768: 00 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1607000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1635580 / 0x0115580: 48 != e9
7758.3dfc: 00007ffbf1635581 / 0x0115581: 8b != fb
7758.3dfc: 00007ffbf1635582 / 0x0115582: c4 != bd
7758.3dfc: 00007ffbf1635583 / 0x0115583: 48 != b1
7758.3dfc: 00007ffbf1635584 / 0x0115584: 89 != 02
7758.3dfc: 00007ffbf1635585 / 0x0115585: 58 != cc
7758.3dfc: 00007ffbf1635586 / 0x0115586: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1635000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf167c990 / 0x015c990: 48 != e9
7758.3dfc: 00007ffbf167c991 / 0x015c991: 83 != ab
7758.3dfc: 00007ffbf167c992 / 0x015c992: ec != 38
7758.3dfc: 00007ffbf167c993 / 0x015c993: 38 != ad
7758.3dfc: 00007ffbf167c994 / 0x015c994: 33 != 02
7758.3dfc: 00007ffbf167c995 / 0x015c995: c0 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf167b000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf167d080 / 0x015d080: 40 != e9
7758.3dfc: 00007ffbf167d081 / 0x015d081: 53 != 3b
7758.3dfc: 00007ffbf167d082 / 0x015d082: 48 != 42
7758.3dfc: 00007ffbf167d083 / 0x015d083: 81 != ad
7758.3dfc: 00007ffbf167d084 / 0x015d084: ec != 02
7758.3dfc: 00007ffbf167d085 / 0x015d085: 90 != cc
7758.3dfc: 00007ffbf167d086 / 0x015d086: 00 != cc
7758.3dfc: 00007ffbf167d087 / 0x015d087: 00 != cc
7758.3dfc: 00007ffbf167d088 / 0x015d088: 00 != cc
7758.3dfc: 00007ffbf167d960 / 0x015d960: 48 != e9
7758.3dfc: 00007ffbf167d961 / 0x015d961: 89 != 1b
7758.3dfc: 00007ffbf167d962 / 0x015d962: 5c != 28
7758.3dfc: 00007ffbf167d963 / 0x015d963: 24 != ad
7758.3dfc: 00007ffbf167d964 / 0x015d964: 08 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf167d000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1686300 / 0x0166300: 4c != e9
7758.3dfc: 00007ffbf1686301 / 0x0166301: 8b != 1b
7758.3dfc: 00007ffbf1686302 / 0x0166302: dc != a4
7758.3dfc: 00007ffbf1686303 / 0x0166303: 48 != ac
7758.3dfc: 00007ffbf1686304 / 0x0166304: 83 != 02
7758.3dfc: 00007ffbf1686305 / 0x0166305: ec != cc
7758.3dfc: 00007ffbf1686306 / 0x0166306: 48 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1685000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1688150 / 0x0168150: 48 != e9
7758.3dfc: 00007ffbf1688151 / 0x0168151: 89 != eb
7758.3dfc: 00007ffbf1688152 / 0x0168152: 5c != 8c
7758.3dfc: 00007ffbf1688153 / 0x0168153: 24 != ac
7758.3dfc: 00007ffbf1688154 / 0x0168154: 20 != 02
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1687000
7758.3dfc: kernelbase.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf1689110 / 0x0169110: 48 != e9
7758.3dfc: 00007ffbf1689111 / 0x0169111: 89 != 6b
7758.3dfc: 00007ffbf1689112 / 0x0169112: 5c != 73
7758.3dfc: 00007ffbf1689113 / 0x0169113: 24 != ac
7758.3dfc: 00007ffbf1689114 / 0x0169114: 08 != 02
7758.3dfc: 00007ffbf168a150 / 0x016a150: 48 != e9
7758.3dfc: 00007ffbf168a151 / 0x016a151: 8b != 0b
7758.3dfc: 00007ffbf168a152 / 0x016a152: c4 != 7a
7758.3dfc: 00007ffbf168a153 / 0x016a153: 48 != ac
7758.3dfc: 00007ffbf168a154 / 0x016a154: 89 != 02
7758.3dfc: 00007ffbf168a155 / 0x016a155: 58 != cc
7758.3dfc: 00007ffbf168a156 / 0x016a156: 08 != cc
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf1689000
7758.3dfc: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
7758.3dfc: 00007ffbf178e788 / 0x026e788: a0 != 90
7758.3dfc: 00007ffbf178e789 / 0x026e789: 05 != 79
7758.3dfc: 00007ffbf178e78a / 0x026e78a: fd != 3d
7758.3dfc: 00007ffbf178e78b / 0x026e78b: f3 != ed
7758.3dfc: 00007ffbf178e7c8 / 0x026e7c8: 60 != 10
7758.3dfc: 00007ffbf178e7c9 / 0x026e7c9: 0b != 82
7758.3dfc: 00007ffbf178e7ca / 0x026e7ca: fd != 40
7758.3dfc: 00007ffbf178e7cb / 0x026e7cb: f3 != ed
7758.3dfc: 00007ffbf178e900 / 0x026e900: b0 != 00
7758.3dfc: 00007ffbf178e901 / 0x026e901: 0c != 84
7758.3dfc: 00007ffbf178e902 / 0x026e902: fd != 40
7758.3dfc: 00007ffbf178e903 / 0x026e903: f3 != ed
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf178d000
7758.3dfc: kernelbase.dll: Differences in section #2 (.rdata) between file and memory:
7758.3dfc: 00007ffbf178f0f8 / 0x026f0f8: b0 != 00
7758.3dfc: 00007ffbf178f0f9 / 0x026f0f9: 0c != 84
7758.3dfc: 00007ffbf178f0fa / 0x026f0fa: fd != 40
7758.3dfc: 00007ffbf178f0fb / 0x026f0fb: f3 != ed
7758.3dfc: 00007ffbf178fd20 / 0x026fd20: 10 != f0
7758.3dfc: 00007ffbf178fd21 / 0x026fd21: c3 != f0
7758.3dfc: 00007ffbf178fd22 / 0x026fd22: 5f != fb
7758.3dfc: 00007ffbf178fd23 / 0x026fd23: f1 != f3
7758.3dfc: 00007ffbf178fd28 / 0x026fd28: c0 != 30
7758.3dfc: 00007ffbf178fd29 / 0x026fd29: c6 != f2
7758.3dfc: 00007ffbf178fd2a / 0x026fd2a: 5f != fb
7758.3dfc: 00007ffbf178fd2b / 0x026fd2b: f1 != f3
7758.3dfc: 00007ffbf178fd30 / 0x026fd30: 10 != f0
7758.3dfc: 00007ffbf178fd31 / 0x026fd31: c3 != f0
7758.3dfc: 00007ffbf178fd32 / 0x026fd32: 5f != fb
7758.3dfc: 00007ffbf178fd33 / 0x026fd33: f1 != f3
7758.3dfc: 00007ffbf178fd38 / 0x026fd38: e0 != 30
7758.3dfc: 00007ffbf178fd39 / 0x026fd39: c6 != f2
7758.3dfc: 00007ffbf178fd3a / 0x026fd3a: 5f != fb
7758.3dfc: 00007ffbf178fd3b / 0x026fd3b: f1 != f3
7758.3dfc: 00007ffbf178fd40 / 0x026fd40: e0 != 30
7758.3dfc: 00007ffbf178fd41 / 0x026fd41: c6 != f2
7758.3dfc: 00007ffbf178fd42 / 0x026fd42: 5f != fb
7758.3dfc: 00007ffbf178fd43 / 0x026fd43: f1 != f3
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf178f000
7758.3dfc: apphelp.dll: Differences in section #2 (.rdata) between file and memory:
7758.3dfc: 00007ffbed415280 / 0x0055280: d0 != f0
7758.3dfc: 00007ffbed415281 / 0x0055281: ab != 55
7758.3dfc: 00007ffbed415282 / 0x0055282: 58 != 02
7758.3dfc: 00007ffbed415283 / 0x0055283: f1 != f3
7758.3dfc: 00007ffbed415288 / 0x0055288: 50 != a0
7758.3dfc: 00007ffbed415289 / 0x0055289: ea != 61
7758.3dfc: 00007ffbed41528a / 0x005528a: 59 != 02
7758.3dfc: 00007ffbed41528b / 0x005528b: f1 != f3
7758.3dfc: 00007ffbed415290 / 0x0055290: f0 != 00
7758.3dfc: 00007ffbed415291 / 0x0055291: 9b != 45
7758.3dfc: 00007ffbed415292 / 0x0055292: 58 != 02
7758.3dfc: 00007ffbed415293 / 0x0055293: f1 != f3
7758.3dfc: 00007ffbed415298 / 0x0055298: 90 != c0
7758.3dfc: 00007ffbed415299 / 0x0055299: 70 != 97
7758.3dfc: 00007ffbed41529a / 0x005529a: 5a != 02
7758.3dfc: 00007ffbed41529b / 0x005529b: f1 != f3
7758.3dfc: 00007ffbed4152a0 / 0x00552a0: 00 != 50
7758.3dfc: 00007ffbed4152a1 / 0x00552a1: 67 != 27
7758.3dfc: 00007ffbed4152a2 / 0x00552a2: 53 != 01
7758.3dfc: 00007ffbed4152a3 / 0x00552a3: f1 != f3
7758.3dfc: 00007ffbed4152a8 / 0x00552a8: d0 != 60
7758.3dfc: 00007ffbed4152a9 / 0x00552a9: 71 != 01
7758.3dfc: 00007ffbed4152aa / 0x00552aa: 58 != 03
7758.3dfc: 00007ffbed4152ab / 0x00552ab: f1 != f3
7758.3dfc: 00007ffbed4152b0 / 0x00552b0: 40 != 70
7758.3dfc: 00007ffbed4152b1 / 0x00552b1: 38 != 01
7758.3dfc: 00007ffbed4152b2 / 0x00552b2: 56 != 03
7758.3dfc: 00007ffbed4152b3 / 0x00552b3: f1 != f3
7758.3dfc: 00007ffbed4152c0 / 0x00552c0: 00 != 30
7758.3dfc: 00007ffbed4152c1 / 0x00552c1: 24 != 47
7758.3dfc: 00007ffbed4152c2 / 0x00552c2: 55 != 02
7758.3dfc: 00007ffbed4152c3 / 0x00552c3: f1 != f3
7758.3dfc: 00007ffbed415898 / 0x0055898: 20 != f0
7758.3dfc: 00007ffbed415899 / 0x0055899: 4b != f0
7758.3dfc: 00007ffbed41589a / 0x005589a: 3d != fb
7758.3dfc: 00007ffbed41589b / 0x005589b: ed != f3
7758.3dfc: 00007ffbed4158a0 / 0x00558a0: a0 != 30
7758.3dfc: 00007ffbed4158a1 / 0x00558a1: 4c != f2
7758.3dfc: 00007ffbed4158a2 / 0x00558a2: 3d != fb
7758.3dfc: 00007ffbed4158a3 / 0x00558a3: ed != f3
7758.3dfc: 00007ffbed4158a8 / 0x00558a8: 20 != f0
7758.3dfc: 00007ffbed4158a9 / 0x00558a9: 4b != f0
7758.3dfc: 00007ffbed4158aa / 0x00558aa: 3d != fb
7758.3dfc: 00007ffbed4158ab / 0x00558ab: ed != f3
7758.3dfc: 00007ffbed4158b0 / 0x00558b0: c0 != 30
7758.3dfc: 00007ffbed4158b1 / 0x00558b1: 4c != f2
7758.3dfc: 00007ffbed4158b2 / 0x00558b2: 3d != fb
7758.3dfc: 00007ffbed4158b3 / 0x00558b3: ed != f3
7758.3dfc: 00007ffbed4158b8 / 0x00558b8: c0 != 30
7758.3dfc: 00007ffbed4158b9 / 0x00558b9: 4c != f2
7758.3dfc: 00007ffbed4158ba / 0x00558ba: 3d != fb
7758.3dfc: 00007ffbed4158bb / 0x00558bb: ed != f3
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbed415000
7758.3dfc: supHardNtVpCheckHandles:
7758.3dfc: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000064
7758.3dfc: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000060
7758.3dfc: supHardNtVpCheckHandles: Inheritable file handle: 0000000000000050
7758.3dfc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=52
7758.3dfc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
7758.3dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
7758.3dfc: supR3HardNtEnableThreadCreationEx:
7758.3dfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf3fa42c0 pvNtTerminateThread=00007ffbf3fd0b20
7758.3dfc: supR3HardenedWinDoReSpawn(1): New child 935c.98b0 [kernel32].
7758.3dfc: supR3HardNtChildGatherData: PebBaseAddress=0000001a70830000 cbPeb=0x388
7758.3dfc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbf3f30000 uNtDllChildAddr=00007ffbf3f30000
7758.3dfc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbf3fa42c0
7758.3dfc: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff66609b590 rdx=0000001a70830000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ffbf3f8aee0 rsp=0000001a70affe78 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
7758.3dfc: supR3HardenedWinSetupChildInit: Start child.
7758.3dfc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
7758.3dfc: supR3HardNtChildPurify: Startup delay kludge #1/0: 262 ms, 17 sleeps
7758.3dfc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7758.3dfc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffea000-0000001a707fffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000001a70800000-0000001a7082ffff 0x0000/0x0004 0x0020000
7758.3dfc: 0000001a70830000-0000001a70832fff 0x0004/0x0004 0x0020000
7758.3dfc: 0000001a70833000-0000001a709fffff 0x0000/0x0004 0x0020000
7758.3dfc: *0000001a70a00000-0000001a70afafff 0x0000/0x0004 0x0020000
7758.3dfc: 0000001a70afb000-0000001a70afdfff 0x0104/0x0004 0x0020000
7758.3dfc: 0000001a70afe000-0000001a70afffff 0x0004/0x0004 0x0020000
7758.3dfc: 0000001a70b00000-0000016f2142ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21430000-0000016f2144ffff 0x0004/0x0004 0x0020000
7758.3dfc: *0000016f21450000-0000016f2146efff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f2146f000-0000016f2146ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21470000-0000016f21473fff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f21474000-0000016f2147ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21480000-0000016f21480fff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f21481000-0000016f2148ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21490000-0000016f21491fff 0x0004/0x0004 0x0020000
7758.3dfc: 0000016f21492000-00007df5a6e1ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6e20000-00007df5a6e20fff 0x0020/0x0004 0x0020000 !!
7758.3dfc: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007df5a6e20000 (LB 0x1000, 00007df5a6e20000 LB 0x1000)
7758.3dfc: 000002983fd75270/0000: 16 00 20 00 00 00 00 00-10 00 e2 a6 f5 7d 00 00 .. ..........}..
000002983fd75280/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4...
000002983fd75290/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
000002983fd752a0/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
000002983fd752b0/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
000002983fd752c0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
000002983fd752d0/0060: 6e 00 64 00 65 00 72 00-5c 00 42 00 69 00 74 00 n.d.e.r.\.B.i.t.
000002983fd752e0/0070: 64 00 65 00 66 00 65 00-6e 00 64 00 65 00 72 00 d.e.f.e.n.d.e.r.
000002983fd752f0/0080: 20 00 53 00 65 00 63 00-75 00 72 00 69 00 74 00 .S.e.c.u.r.i.t.
000002983fd75300/0090: 79 00 5c 00 61 00 74 00-63 00 75 00 66 00 5c 00 y.\.a.t.c.u.f.\.
000002983fd75310/00a0: 64 00 6c 00 6c 00 73 00-5f 00 32 00 36 00 37 00 d.l.l.s._.2.6.7.
000002983fd75320/00b0: 34 00 32 00 36 00 36 00-33 00 39 00 38 00 30 00 4.2.6.6.3.9.8.0.
000002983fd75330/00c0: 32 00 37 00 31 00 31 00-31 00 34 00 35 00 5c 00 2.7.1.1.1.4.5.\.
000002983fd75340/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002983fd75350/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
000002983fd75360/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
7758.3dfc: 000002983fd75670/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
**************** **** <ditto x 2>
000002983fd756a0/0030: 16 00 20 00 00 00 00 00-40 04 e2 a6 f5 7d 00 00 .. .....@....}..
000002983fd756b0/0040: 62 00 64 00 68 00 6b 00-6d 00 36 00 34 00 2e 00 b.d.h.k.m.6.4...
000002983fd756c0/0050: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
000002983fd756d0/0060: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
000002983fd756e0/0070: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
000002983fd756f0/0080: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
000002983fd75700/0090: 6e 00 64 00 65 00 72 00-5c 00 42 00 69 00 74 00 n.d.e.r.\.B.i.t.
000002983fd75710/00a0: 64 00 65 00 66 00 65 00-6e 00 64 00 65 00 72 00 d.e.f.e.n.d.e.r.
000002983fd75720/00b0: 20 00 53 00 65 00 63 00-75 00 72 00 69 00 74 00 .S.e.c.u.r.i.t.
000002983fd75730/00c0: 79 00 5c 00 62 00 64 00-68 00 6b 00 6d 00 5c 00 y.\.b.d.h.k.m.\.
000002983fd75740/00d0: 64 00 6c 00 6c 00 73 00-5f 00 32 00 36 00 37 00 d.l.l.s._.2.6.7.
000002983fd75750/00e0: 30 00 32 00 33 00 37 00-31 00 32 00 33 00 35 00 0.2.3.7.1.2.3.5.
000002983fd75760/00f0: 39 00 31 00 38 00 36 00-32 00 36 00 33 00 5c 00 9.1.8.6.2.6.3.\.
7758.3dfc: 000002983fd75a70/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
**************** **** <ditto x 5>
000002983fd75ad0/0060: 20 a6 f5 f3 fb 7f 00 00-c0 0a fd f3 fb 7f 00 00 ...............
000002983fd75ae0/0070: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH......
000002983fd75af0/0080: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@
000002983fd75b00/0090: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H.....
000002983fd75b10/00a0: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$(
000002983fd75b20/00b0: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I......
000002983fd75b30/00c0: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H.....
000002983fd75b40/00d0: ff ff d0 85 c0 0f 88 00-01 00 00 48 8d 35 8e ff ...........H.5..
000002983fd75b50/00e0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H......
000002983fd75b60/00f0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H..
7758.3dfc: 000002983fd75b70/0000: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H.
000002983fd75b80/0010: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$
000002983fd75b90/0020: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6.
000002983fd75ba0/0030: ff ff ff d0 85 c0 0f 88-9f 00 00 00 48 83 c4 40 ............H..@
000002983fd75bb0/0040: 41 59 41 58 5a 59 5f 5e-48 8b 05 11 ff ff ff 48 AYAXZY_^H......H
000002983fd75bc0/0050: 83 ec 20 ff d0 48 83 c4-20 85 c0 0f 88 86 00 00 .. ..H.. .......
000002983fd75bd0/0060: 00 65 48 8b 0c 25 60 00-00 00 ba 00 01 00 02 85 .eH..%`.........
000002983fd75be0/0070: 91 bc 00 00 00 75 70 48-8d 0d e2 fa ff ff 48 c7 .....upH......H.
000002983fd75bf0/0080: c2 00 00 00 00 4c 8d 05-a4 fa ff ff 4c 8d 4c 24 .....L......L.L$
000002983fd75c00/0090: 20 48 8b 05 c8 fe ff ff-48 83 ec 20 ff d0 48 83 H......H.. ..H.
000002983fd75c10/00a0: c4 20 85 c0 74 05 48 31-c0 eb 3c 48 8d 0d 7e f6 . ..t.H1..<H..~.
000002983fd75c20/00b0: ff ff 48 c7 c2 00 00 00-00 4c 8d 05 40 f6 ff ff ..H......L..@...
000002983fd75c30/00c0: 4c 8d 4c 24 20 48 8b 05-94 fe ff ff 48 83 ec 20 L.L$ H......H..
000002983fd75c40/00d0: ff d0 48 83 c4 20 48 31-c0 eb 0c 48 83 c4 40 41 ..H.. H1...H..@A
000002983fd75c50/00e0: 59 41 58 5a 59 5f 5e 48-83 c4 38 c3 00 00 00 00 YAXZY_^H..8.....
000002983fd75c60/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
7758.3dfc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007df5a6e20000/00007df5a6e20000 LB 0/0x1000]
7758.3dfc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007df5a6e20000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
7758.3dfc: 00007df5a6e21000-00007df5a6e2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6e30000-00007df5a6e30fff 0x0002/0x0002 0x0040000
7758.3dfc: 00007df5a6e31000-00007df5a6e3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6e40000-00007df5a8694fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a8695000-00007df5a87fafff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a87fb000-00007df5a8c18fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a8c19000-00007df5a8c19fff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a8c1a000-00007fed7d7f7fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007fed7d7f8000-00007fed7d7f8fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007fed7d7f9000-00007ff5807c1fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff5807c2000-00007ff5807c6fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff5807c7000-00007ff591050fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff591051000-00007ff596b3bfff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff596b3c000-00007ff596b45fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff596b46000-00007ff5a6e3ffff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff5a6e40000-00007ff66608ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ff666090000-00007ff666090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666091000-00007ff6660fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fc000-00007ff6660fcfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fd000-00007ff666150fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666151000-00007ff666151fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666152000-00007ff666152fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666153000-00007ff666157fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666158000-00007ff66615dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615e000-00007ff666197fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666198000-00007ffbf3f2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf3f30000-00007ffbf3f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf3f31000-00007ffbf4061fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4062000-00007ffbf40affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b0000-00007ffbf40bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40bc000-00007ffbf40cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cb000-00007ffbf40cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cc000-00007ffbf40cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cf000-00007ffbf4146fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4147000-00007ffffffeffff 0x0001/0x0000 0x0000000
7758.3dfc: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:
7758.3dfc: 00007ff666196b2c / 0x0106b2c: 00 != 50
7758.3dfc: 00007ff666196b2d / 0x0106b2d: 00 != 41
7758.3dfc: 00007ff666196b2e / 0x0106b2e: 00 != 44
7758.3dfc: 00007ff666196b2f / 0x0106b2f: 00 != 44
7758.3dfc: 00007ff666196b30 / 0x0106b30: 00 != 49
7758.3dfc: 00007ff666196b31 / 0x0106b31: 00 != 4e
7758.3dfc: 00007ff666196b32 / 0x0106b32: 00 != 47
7758.3dfc: 00007ff666196b33 / 0x0106b33: 00 != 58
7758.3dfc: 00007ff666196b34 / 0x0106b34: 00 != 58
7758.3dfc: 00007ff666196b35 / 0x0106b35: 00 != 50
7758.3dfc: 00007ff666196b36 / 0x0106b36: 00 != 41
7758.3dfc: 00007ff666196b37 / 0x0106b37: 00 != 44
7758.3dfc: 00007ff666196b38 / 0x0106b38: 00 != 44
7758.3dfc: 00007ff666196b39 / 0x0106b39: 00 != 49
7758.3dfc: 00007ff666196b3a / 0x0106b3a: 00 != 4e
7758.3dfc: 00007ff666196b3b / 0x0106b3b: 00 != 47
7758.3dfc: 00007ff666196b3c / 0x0106b3c: 00 != 50
7758.3dfc: 00007ff666196b3d / 0x0106b3d: 00 != 41
7758.3dfc: 00007ff666196b3e / 0x0106b3e: 00 != 44
7758.3dfc: 00007ff666196b3f / 0x0106b3f: 00 != 44
7758.3dfc: 00007ff666196b40 / 0x0106b40: 00 != 49
7758.3dfc: 00007ff666196b41 / 0x0106b41: 00 != 4e
7758.3dfc: 00007ff666196b42 / 0x0106b42: 00 != 47
7758.3dfc: 00007ff666196b43 / 0x0106b43: 00 != 58
7758.3dfc: 00007ff666196b44 / 0x0106b44: 00 != 58
7758.3dfc: 00007ff666196b45 / 0x0106b45: 00 != 50
7758.3dfc: 00007ff666196b46 / 0x0106b46: 00 != 41
7758.3dfc: 00007ff666196b47 / 0x0106b47: 00 != 44
7758.3dfc: 00007ff666196b48 / 0x0106b48: 00 != 44
7758.3dfc: 00007ff666196b49 / 0x0106b49: 00 != 49
7758.3dfc: 00007ff666196b4a / 0x0106b4a: 00 != 4e
7758.3dfc: 00007ff666196b4b / 0x0106b4b: 00 != 47
7758.3dfc: 00007ff666196b4c / 0x0106b4c: 00 != 50
7758.3dfc: 00007ff666196b4d / 0x0106b4d: 00 != 41
7758.3dfc: 00007ff666196b4e / 0x0106b4e: 00 != 44
7758.3dfc: 00007ff666196b4f / 0x0106b4f: 00 != 44
7758.3dfc: 00007ff666196b50 / 0x0106b50: 00 != 49
7758.3dfc: 00007ff666196b51 / 0x0106b51: 00 != 4e
7758.3dfc: 00007ff666196b52 / 0x0106b52: 00 != 47
7758.3dfc: 00007ff666196b53 / 0x0106b53: 00 != 58
7758.3dfc: 00007ff666196b54 / 0x0106b54: 00 != 58
7758.3dfc: 00007ff666196b55 / 0x0106b55: 00 != 50
7758.3dfc: 00007ff666196b56 / 0x0106b56: 00 != 41
7758.3dfc: 00007ff666196b57 / 0x0106b57: 00 != 44
7758.3dfc: 00007ff666196b58 / 0x0106b58: 00 != 44
7758.3dfc: 00007ff666196b59 / 0x0106b59: 00 != 49
7758.3dfc: 00007ff666196b5a / 0x0106b5a: 00 != 4e
7758.3dfc: 00007ff666196b5b / 0x0106b5b: 00 != 47
7758.3dfc: 00007ff666196b5c / 0x0106b5c: 00 != 50
7758.3dfc: 00007ff666196b5d / 0x0106b5d: 00 != 41
7758.3dfc: 00007ff666196b5e / 0x0106b5e: 00 != 44
7758.3dfc: 00007ff666196b5f / 0x0106b5f: 00 != 44
7758.3dfc: 00007ff666196b60 / 0x0106b60: 00 != 49
7758.3dfc: 00007ff666196b61 / 0x0106b61: 00 != 4e
7758.3dfc: 00007ff666196b62 / 0x0106b62: 00 != 47
7758.3dfc: 00007ff666196b63 / 0x0106b63: 00 != 58
7758.3dfc: 00007ff666196b64 / 0x0106b64: 00 != 58
7758.3dfc: 00007ff666196b65 / 0x0106b65: 00 != 50
7758.3dfc: 00007ff666196b66 / 0x0106b66: 00 != 41
7758.3dfc: 00007ff666196b67 / 0x0106b67: 00 != 44
7758.3dfc: 00007ff666196b68 / 0x0106b68: 00 != 44
7758.3dfc: 00007ff666196b69 / 0x0106b69: 00 != 49
7758.3dfc: 00007ff666196b6a / 0x0106b6a: 00 != 4e
7758.3dfc: 00007ff666196b6b / 0x0106b6b: 00 != 47
7758.3dfc: 00007ff666196b6c / 0x0106b6c: 00 != 50
7758.3dfc: 00007ff666196b6d / 0x0106b6d: 00 != 41
7758.3dfc: 00007ff666196b6e / 0x0106b6e: 00 != 44
7758.3dfc: 00007ff666196b6f / 0x0106b6f: 00 != 44
7758.3dfc: 00007ff666196b70 / 0x0106b70: 00 != 49
7758.3dfc: 00007ff666196b71 / 0x0106b71: 00 != 4e
7758.3dfc: 00007ff666196b72 / 0x0106b72: 00 != 47
7758.3dfc: 00007ff666196b73 / 0x0106b73: 00 != 58
7758.3dfc: 00007ff666196b74 / 0x0106b74: 00 != 58
7758.3dfc: 00007ff666196b75 / 0x0106b75: 00 != 50
7758.3dfc: 00007ff666196b76 / 0x0106b76: 00 != 41
7758.3dfc: 00007ff666196b77 / 0x0106b77: 00 != 44
7758.3dfc: 00007ff666196b78 / 0x0106b78: 00 != 44
7758.3dfc: 00007ff666196b79 / 0x0106b79: 00 != 49
7758.3dfc: 00007ff666196b7a / 0x0106b7a: 00 != 4e
7758.3dfc: 00007ff666196b7b / 0x0106b7b: 00 != 47
7758.3dfc: 00007ff666196b7c / 0x0106b7c: 00 != 50
7758.3dfc: 00007ff666196b7d / 0x0106b7d: 00 != 41
7758.3dfc: 00007ff666196b7e / 0x0106b7e: 00 != 44
7758.3dfc: 00007ff666196b7f / 0x0106b7f: 00 != 44
7758.3dfc: 00007ff666196b80 / 0x0106b80: 00 != 49
7758.3dfc: 00007ff666196b81 / 0x0106b81: 00 != 4e
7758.3dfc: 00007ff666196b82 / 0x0106b82: 00 != 47
7758.3dfc: 00007ff666196b83 / 0x0106b83: 00 != 58
7758.3dfc: 00007ff666196b84 / 0x0106b84: 00 != 58
7758.3dfc: 00007ff666196b85 / 0x0106b85: 00 != 50
7758.3dfc: 00007ff666196b86 / 0x0106b86: 00 != 41
7758.3dfc: 00007ff666196b87 / 0x0106b87: 00 != 44
7758.3dfc: 00007ff666196b88 / 0x0106b88: 00 != 44
7758.3dfc: 00007ff666196b89 / 0x0106b89: 00 != 49
7758.3dfc: 00007ff666196b8a / 0x0106b8a: 00 != 4e
7758.3dfc: 00007ff666196b8b / 0x0106b8b: 00 != 47
7758.3dfc: 00007ff666196b8c / 0x0106b8c: 00 != 50
7758.3dfc: 00007ff666196b8d / 0x0106b8d: 00 != 41
7758.3dfc: 00007ff666196b8e / 0x0106b8e: 00 != 44
7758.3dfc: 00007ff666196b8f / 0x0106b8f: 00 != 44
7758.3dfc: 00007ff666196b90 / 0x0106b90: 00 != 49
7758.3dfc: 00007ff666196b91 / 0x0106b91: 00 != 4e
7758.3dfc: 00007ff666196b92 / 0x0106b92: 00 != 47
7758.3dfc: 00007ff666196b93 / 0x0106b93: 00 != 58
7758.3dfc: 00007ff666196b94 / 0x0106b94: 00 != 58
7758.3dfc: 00007ff666196b95 / 0x0106b95: 00 != 50
7758.3dfc: 00007ff666196b96 / 0x0106b96: 00 != 41
7758.3dfc: 00007ff666196b97 / 0x0106b97: 00 != 44
7758.3dfc: 00007ff666196b98 / 0x0106b98: 00 != 44
7758.3dfc: 00007ff666196b99 / 0x0106b99: 00 != 49
7758.3dfc: 00007ff666196b9a / 0x0106b9a: 00 != 4e
7758.3dfc: 00007ff666196b9b / 0x0106b9b: 00 != 47
7758.3dfc: 00007ff666196b9c / 0x0106b9c: 00 != 50
7758.3dfc: 00007ff666196b9d / 0x0106b9d: 00 != 41
7758.3dfc: 00007ff666196b9e / 0x0106b9e: 00 != 44
7758.3dfc: 00007ff666196b9f / 0x0106b9f: 00 != 44
7758.3dfc: 00007ff666196ba0 / 0x0106ba0: 00 != 49
7758.3dfc: 00007ff666196ba1 / 0x0106ba1: 00 != 4e
7758.3dfc: 00007ff666196ba2 / 0x0106ba2: 00 != 47
7758.3dfc: 00007ff666196ba3 / 0x0106ba3: 00 != 58
7758.3dfc: 00007ff666196ba4 / 0x0106ba4: 00 != 58
7758.3dfc: 00007ff666196ba5 / 0x0106ba5: 00 != 50
7758.3dfc: 00007ff666196ba6 / 0x0106ba6: 00 != 41
7758.3dfc: 00007ff666196ba7 / 0x0106ba7: 00 != 44
7758.3dfc: 00007ff666196ba8 / 0x0106ba8: 00 != 44
7758.3dfc: 00007ff666196ba9 / 0x0106ba9: 00 != 49
7758.3dfc: 00007ff666196baa / 0x0106baa: 00 != 4e
7758.3dfc: 00007ff666196bab / 0x0106bab: 00 != 47
7758.3dfc: 00007ff666196bac / 0x0106bac: 00 != 50
7758.3dfc: 00007ff666196bad / 0x0106bad: 00 != 41
7758.3dfc: 00007ff666196bae / 0x0106bae: 00 != 44
7758.3dfc: 00007ff666196baf / 0x0106baf: 00 != 44
7758.3dfc: 00007ff666196bb0 / 0x0106bb0: 00 != 49
7758.3dfc: 00007ff666196bb1 / 0x0106bb1: 00 != 4e
7758.3dfc: 00007ff666196bb2 / 0x0106bb2: 00 != 47
7758.3dfc: 00007ff666196bb3 / 0x0106bb3: 00 != 58
7758.3dfc: 00007ff666196bb4 / 0x0106bb4: 00 != 58
7758.3dfc: 00007ff666196bb5 / 0x0106bb5: 00 != 50
7758.3dfc: 00007ff666196bb6 / 0x0106bb6: 00 != 41
7758.3dfc: 00007ff666196bb7 / 0x0106bb7: 00 != 44
7758.3dfc: 00007ff666196bb8 / 0x0106bb8: 00 != 44
7758.3dfc: 00007ff666196bb9 / 0x0106bb9: 00 != 49
7758.3dfc: 00007ff666196bba / 0x0106bba: 00 != 4e
7758.3dfc: 00007ff666196bbb / 0x0106bbb: 00 != 47
7758.3dfc: 00007ff666196bbc / 0x0106bbc: 00 != 50
7758.3dfc: 00007ff666196bbd / 0x0106bbd: 00 != 41
7758.3dfc: 00007ff666196bbe / 0x0106bbe: 00 != 44
7758.3dfc: 00007ff666196bbf / 0x0106bbf: 00 != 44
7758.3dfc: 00007ff666196bc0 / 0x0106bc0: 00 != 49
7758.3dfc: 00007ff666196bc1 / 0x0106bc1: 00 != 4e
7758.3dfc: 00007ff666196bc2 / 0x0106bc2: 00 != 47
7758.3dfc: 00007ff666196bc3 / 0x0106bc3: 00 != 58
7758.3dfc: 00007ff666196bc4 / 0x0106bc4: 00 != 58
7758.3dfc: 00007ff666196bc5 / 0x0106bc5: 00 != 50
7758.3dfc: 00007ff666196bc6 / 0x0106bc6: 00 != 41
7758.3dfc: 00007ff666196bc7 / 0x0106bc7: 00 != 44
7758.3dfc: 00007ff666196bc8 / 0x0106bc8: 00 != 44
7758.3dfc: 00007ff666196bc9 / 0x0106bc9: 00 != 49
7758.3dfc: 00007ff666196bca / 0x0106bca: 00 != 4e
7758.3dfc: 00007ff666196bcb / 0x0106bcb: 00 != 47
7758.3dfc: 00007ff666196bcc / 0x0106bcc: 00 != 50
7758.3dfc: 00007ff666196bcd / 0x0106bcd: 00 != 41
7758.3dfc: 00007ff666196bce / 0x0106bce: 00 != 44
7758.3dfc: 00007ff666196bcf / 0x0106bcf: 00 != 44
7758.3dfc: 00007ff666196bd0 / 0x0106bd0: 00 != 49
7758.3dfc: 00007ff666196bd1 / 0x0106bd1: 00 != 4e
7758.3dfc: 00007ff666196bd2 / 0x0106bd2: 00 != 47
7758.3dfc: 00007ff666196bd3 / 0x0106bd3: 00 != 58
7758.3dfc: 00007ff666196bd4 / 0x0106bd4: 00 != 58
7758.3dfc: 00007ff666196bd5 / 0x0106bd5: 00 != 50
7758.3dfc: 00007ff666196bd6 / 0x0106bd6: 00 != 41
7758.3dfc: 00007ff666196bd7 / 0x0106bd7: 00 != 44
7758.3dfc: 00007ff666196bd8 / 0x0106bd8: 00 != 44
7758.3dfc: 00007ff666196bd9 / 0x0106bd9: 00 != 49
7758.3dfc: 00007ff666196bda / 0x0106bda: 00 != 4e
7758.3dfc: 00007ff666196bdb / 0x0106bdb: 00 != 47
7758.3dfc: 00007ff666196bdc / 0x0106bdc: 00 != 50
7758.3dfc: 00007ff666196bdd / 0x0106bdd: 00 != 41
7758.3dfc: 00007ff666196bde / 0x0106bde: 00 != 44
7758.3dfc: 00007ff666196bdf / 0x0106bdf: 00 != 44
7758.3dfc: 00007ff666196be0 / 0x0106be0: 00 != 49
7758.3dfc: 00007ff666196be1 / 0x0106be1: 00 != 4e
7758.3dfc: 00007ff666196be2 / 0x0106be2: 00 != 47
7758.3dfc: 00007ff666196be3 / 0x0106be3: 00 != 58
7758.3dfc: 00007ff666196be4 / 0x0106be4: 00 != 58
7758.3dfc: 00007ff666196be5 / 0x0106be5: 00 != 50
7758.3dfc: 00007ff666196be6 / 0x0106be6: 00 != 41
7758.3dfc: 00007ff666196be7 / 0x0106be7: 00 != 44
7758.3dfc: 00007ff666196be8 / 0x0106be8: 00 != 44
7758.3dfc: 00007ff666196be9 / 0x0106be9: 00 != 49
7758.3dfc: 00007ff666196bea / 0x0106bea: 00 != 4e
7758.3dfc: 00007ff666196beb / 0x0106beb: 00 != 47
7758.3dfc: 00007ff666196bec / 0x0106bec: 00 != 50
7758.3dfc: 00007ff666196bed / 0x0106bed: 00 != 41
7758.3dfc: 00007ff666196bee / 0x0106bee: 00 != 44
7758.3dfc: 00007ff666196bef / 0x0106bef: 00 != 44
7758.3dfc: 00007ff666196bf0 / 0x0106bf0: 00 != 49
7758.3dfc: 00007ff666196bf1 / 0x0106bf1: 00 != 4e
7758.3dfc: 00007ff666196bf2 / 0x0106bf2: 00 != 47
7758.3dfc: 00007ff666196bf3 / 0x0106bf3: 00 != 58
7758.3dfc: 00007ff666196bf4 / 0x0106bf4: 00 != 58
7758.3dfc: 00007ff666196bf5 / 0x0106bf5: 00 != 50
7758.3dfc: 00007ff666196bf6 / 0x0106bf6: 00 != 41
7758.3dfc: 00007ff666196bf7 / 0x0106bf7: 00 != 44
7758.3dfc: 00007ff666196bf8 / 0x0106bf8: 00 != 44
7758.3dfc: 00007ff666196bf9 / 0x0106bf9: 00 != 49
7758.3dfc: 00007ff666196bfa / 0x0106bfa: 00 != 4e
7758.3dfc: 00007ff666196bfb / 0x0106bfb: 00 != 47
7758.3dfc: 00007ff666196bfc / 0x0106bfc: 00 != 50
7758.3dfc: 00007ff666196bfd / 0x0106bfd: 00 != 41
7758.3dfc: 00007ff666196bfe / 0x0106bfe: 00 != 44
7758.3dfc: 00007ff666196bff / 0x0106bff: 00 != 44
7758.3dfc: Restored 0x4d4 bytes of original file content at 00007ff666196b2c
7758.3dfc: ntdll.dll: Differences in section #1 (.text) between file and memory:
7758.3dfc: 00007ffbf3f5a621 / 0x002a621: 89 != b8
7758.3dfc: 00007ffbf3f5a622 / 0x002a622: 5c != 80
7758.3dfc: 00007ffbf3f5a623 / 0x002a623: 24 != 08
7758.3dfc: 00007ffbf3f5a624 / 0x002a624: 10 != e2
7758.3dfc: 00007ffbf3f5a625 / 0x002a625: 56 != a6
7758.3dfc: 00007ffbf3f5a626 / 0x002a626: 57 != f5
7758.3dfc: 00007ffbf3f5a627 / 0x002a627: 41 != 7d
7758.3dfc: 00007ffbf3f5a628 / 0x002a628: 56 != 00
7758.3dfc: 00007ffbf3f5a629 / 0x002a629: 48 != 00
7758.3dfc: 00007ffbf3f5a62a / 0x002a62a: 81 != ff
7758.3dfc: 00007ffbf3f5a62b / 0x002a62b: ec != e0
7758.3dfc: Restored 0x2000 bytes of original file content at 00007ffbf3f59000
7758.3dfc: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x80000000
7758.3dfc: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 33 sleeps
7758.3dfc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
7758.3dfc: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
7758.3dfc: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
7758.3dfc: 000000007ffea000-0000001a707fffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000001a70800000-0000001a7082ffff 0x0000/0x0004 0x0020000
7758.3dfc: 0000001a70830000-0000001a70832fff 0x0004/0x0004 0x0020000
7758.3dfc: 0000001a70833000-0000001a709fffff 0x0000/0x0004 0x0020000
7758.3dfc: *0000001a70a00000-0000001a70afafff 0x0000/0x0004 0x0020000
7758.3dfc: 0000001a70afb000-0000001a70afdfff 0x0104/0x0004 0x0020000
7758.3dfc: 0000001a70afe000-0000001a70afffff 0x0004/0x0004 0x0020000
7758.3dfc: 0000001a70b00000-0000016f2142ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21430000-0000016f2144ffff 0x0004/0x0004 0x0020000
7758.3dfc: *0000016f21450000-0000016f2146efff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f2146f000-0000016f2146ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21470000-0000016f21473fff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f21474000-0000016f2147ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21480000-0000016f21480fff 0x0002/0x0002 0x0040000
7758.3dfc: 0000016f21481000-0000016f2148ffff 0x0001/0x0000 0x0000000
7758.3dfc: *0000016f21490000-0000016f21491fff 0x0004/0x0004 0x0020000
7758.3dfc: 0000016f21492000-00007df5a6e2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6e30000-00007df5a6e30fff 0x0002/0x0002 0x0040000
7758.3dfc: 00007df5a6e31000-00007df5a6e3ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007df5a6e40000-00007df5a8694fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a8695000-00007df5a87fafff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a87fb000-00007df5a8c18fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007df5a8c19000-00007df5a8c19fff 0x0001/0x0001 0x0040000
7758.3dfc: 00007df5a8c1a000-00007fed7d7f7fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007fed7d7f8000-00007fed7d7f8fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007fed7d7f9000-00007ff5807c1fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff5807c2000-00007ff5807c6fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff5807c7000-00007ff591050fff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff591051000-00007ff596b3bfff 0x0001/0x0001 0x0040000
7758.3dfc: 00007ff596b3c000-00007ff596b45fff 0x0002/0x0001 0x0040000
7758.3dfc: 00007ff596b46000-00007ff5a6e3ffff 0x0000/0x0001 0x0040000
7758.3dfc: 00007ff5a6e40000-00007ff66608ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ff666090000-00007ff666090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666091000-00007ff6660fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fc000-00007ff6660fcfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff6660fd000-00007ff666150fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666151000-00007ff66615dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff66615e000-00007ff666197fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
7758.3dfc: 00007ff666198000-00007ffbf3f2ffff 0x0001/0x0000 0x0000000
7758.3dfc: *00007ffbf3f30000-00007ffbf3f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf3f31000-00007ffbf4061fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4062000-00007ffbf40affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b0000-00007ffbf40b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40b4000-00007ffbf40bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40bc000-00007ffbf40cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cb000-00007ffbf40cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cc000-00007ffbf40cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf40cf000-00007ffbf4146fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
7758.3dfc: 00007ffbf4147000-00007ffffffeffff 0x0001/0x0000 0x0000000
7758.3dfc: supR3HardNtChildPurify: Done after 790 ms and 3 fixes (loop #1).
935c.98b0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbf3f30000 g_uNtVerCombined=0xa0586700 (stack ~0000001a70afec40)
7758.3dfc: supR3HardNtEnableThreadCreationEx:
935c.98b0: ntdll.dll: timestamp 0xf9f266e7 (rc=VINF_SUCCESS)
935c.98b0: New simple heap: #1 0000016f215a0000 LB 0x800000 (for 2191360 allocation)
935c.98b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
935c.98b0: System32: \Device\HarddiskVolume3\Windows\System32
935c.98b0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
935c.98b0: KnownDllPath: C:\Windows\System32
935c.98b0: supR3HardenedVmProcessInit: Opening vboxsup stub...
935c.98b0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
935c.98b0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
935c.98b0: Registered Dll notification callback with NTDLL.
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ffbf1520000 LB 0x003b7000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ffbf3010000 LB 0x000c4000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
935c.98b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3010000 'C:\Windows\System32\KERNEL32.DLL'
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ff666090000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
935c.98b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf3fa42c0 pvNtTerminateThread=00007ffbf3fd0b20
7758.3dfc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
935c.98b0: \SystemRoot\System32\ntdll.dll:
935c.98b0: CreationTime: 2024-10-12T16:13:13.337096100Z
935c.98b0: LastWriteTime: 2024-10-12T16:13:13.368170000Z
935c.98b0: ChangeTime: 2024-10-15T19:50:08.320152600Z
935c.98b0: FileAttributes: 0x20
935c.98b0: Size: 0x216090
935c.98b0: NT Headers: 0xe8
935c.98b0: Timestamp: 0xf9f266e7
935c.98b0: Machine: 0x8664 - amd64
935c.98b0: Timestamp: 0xf9f266e7
935c.98b0: Image Version: 10.0
935c.98b0: SizeOfImage: 0x217000 (2191360)
935c.98b0: Resource Dir: 0x1a0000 LB 0x759a8
935c.98b0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
935c.98b0: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
935c.98b0: ProductName: Microsoft® Windows® Operating System
935c.98b0: ProductVersion: 10.0.22621.4317
935c.98b0: FileVersion: 10.0.22621.4317 (WinBuild.160101.0800)
935c.98b0: FileDescription: NT Layer DLL
935c.98b0: \SystemRoot\System32\kernel32.dll:
935c.98b0: CreationTime: 2024-08-18T11:45:46.245614200Z
935c.98b0: LastWriteTime: 2024-08-18T11:45:46.259376700Z
935c.98b0: ChangeTime: 2024-10-12T16:14:17.580433400Z
935c.98b0: FileAttributes: 0x20
935c.98b0: Size: 0xc7168
935c.98b0: NT Headers: 0xe8
935c.98b0: Timestamp: 0xa9f358b9
935c.98b0: Machine: 0x8664 - amd64
935c.98b0: Timestamp: 0xa9f358b9
935c.98b0: Image Version: 10.0
935c.98b0: SizeOfImage: 0xc4000 (802816)
935c.98b0: Resource Dir: 0xc2000 LB 0x520
935c.98b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
935c.98b0: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
935c.98b0: ProductName: Microsoft® Windows® Operating System
935c.98b0: ProductVersion: 10.0.22621.3958
935c.98b0: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
935c.98b0: FileDescription: Windows NT BASE API Client DLL
935c.98b0: \SystemRoot\System32\KernelBase.dll:
935c.98b0: CreationTime: 2024-10-12T16:13:13.874348200Z
935c.98b0: LastWriteTime: 2024-10-12T16:13:13.976987600Z
935c.98b0: ChangeTime: 2024-10-15T19:50:07.879884900Z
935c.98b0: FileAttributes: 0x20
935c.98b0: Size: 0x3bdba0
935c.98b0: NT Headers: 0xf8
935c.98b0: Timestamp: 0xcf64c6a
935c.98b0: Machine: 0x8664 - amd64
935c.98b0: Timestamp: 0xcf64c6a
935c.98b0: Image Version: 10.0
935c.98b0: SizeOfImage: 0x3b7000 (3895296)
935c.98b0: Resource Dir: 0x386000 LB 0x548
935c.98b0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
935c.98b0: [Raw version resource data: 0x3860b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
935c.98b0: ProductName: Microsoft® Windows® Operating System
935c.98b0: ProductVersion: 10.0.22621.4249
935c.98b0: FileVersion: 10.0.22621.4249 (WinBuild.160101.0800)
935c.98b0: FileDescription: Windows NT BASE API Client DLL
935c.98b0: \SystemRoot\System32\apisetschema.dll:
935c.98b0: CreationTime: 2024-08-18T11:45:33.363168100Z
935c.98b0: LastWriteTime: 2024-08-18T11:45:33.366168300Z
935c.98b0: ChangeTime: 2024-10-12T16:14:17.396998700Z
935c.98b0: FileAttributes: 0x20
935c.98b0: Size: 0x245e0
935c.98b0: NT Headers: 0xc8
935c.98b0: Timestamp: 0x8f476251
935c.98b0: Machine: 0x8664 - amd64
935c.98b0: Timestamp: 0x8f476251
935c.98b0: Image Version: 10.0
935c.98b0: SizeOfImage: 0x23000 (143360)
935c.98b0: Resource Dir: 0x22000 LB 0x408
935c.98b0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
935c.98b0: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
935c.98b0: ProductName: Microsoft® Windows® Operating System
935c.98b0: ProductVersion: 10.0.22621.3958
935c.98b0: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
935c.98b0: FileDescription: ApiSet Schema DLL
935c.98b0: supR3HardenedWinFindAdversaries: 0x0
935c.98b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
935c.98b0: Calling main()
935c.98b0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
935c.98b0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
935c.98b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
935c.98b0: SUPR3HardenedMain: Respawn #2
935c.98b0: supR3HardNtEnableThreadCreationEx:
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ffbf1400000 LB 0x00028000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ffbf3a90000 LB 0x000a8000 C:\Windows\System32\sechost.dll [fFlags=0x0]
935c.98b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
935c.98b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
935c.98b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
935c.98b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3f30000 'C:\Windows\System32\ntdll.dll'
935c.98b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\KernelBase.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KernelBase.dll (Input=KernelBase, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'C:\Windows\System32\KernelBase.dll'
935c.98b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
935c.98b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
935c.98b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedDllNotificationCallback: load 00007ffbed3c0000 LB 0x00097000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
935c.98b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3f30000 'C:\Windows\System32\ntdll.dll'
935c.98b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [lacks WinVerifyTrust]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3f30000 'C:\Windows\System32\ntdll.dll'
935c.98b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbed3c0000 'C:\Windows\system32\apphelp.dll'
935c.98b0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf3fa42c0 pvNtTerminateThread=00007ffbf3fd0b20
935c.98b0: supR3HardenedWinDoReSpawn(2): New child 9c80.8984 [kernel32].
935c.98b0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
935c.98b0: supR3HardNtChildGatherData: PebBaseAddress=000000b00abeb000 cbPeb=0x388
935c.98b0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbf3f30000 uNtDllChildAddr=00007ffbf3f30000
935c.98b0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbf3fa42c0
935c.98b0: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff66609b590 rdx=000000b00abeb000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ffbf3f8aee0 rsp=000000b00acffde8 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
935c.98b0: kernel32.dll: timestamp 0xa9f358b9 (rc=VINF_SUCCESS)
935c.98b0: supR3HardenedWinSetupChildInit: Start child.
935c.98b0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
935c.98b0: supR3HardNtChildPurify: Startup delay kludge #1/0: 261 ms, 17 sleeps
935c.98b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
935c.98b0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
935c.98b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
935c.98b0: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
935c.98b0: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
935c.98b0: 000000007ffea000-000000b00a9fffff 0x0001/0x0000 0x0000000
935c.98b0: *000000b00aa00000-000000b00abeafff 0x0000/0x0004 0x0020000
935c.98b0: 000000b00abeb000-000000b00abedfff 0x0004/0x0004 0x0020000
935c.98b0: 000000b00abee000-000000b00abfffff 0x0000/0x0004 0x0020000
935c.98b0: *000000b00ac00000-000000b00acfafff 0x0000/0x0004 0x0020000
935c.98b0: 000000b00acfb000-000000b00acfdfff 0x0104/0x0004 0x0020000
935c.98b0: 000000b00acfe000-000000b00acfffff 0x0004/0x0004 0x0020000
935c.98b0: 000000b00ad00000-000002207148ffff 0x0001/0x0000 0x0000000
935c.98b0: *0000022071490000-00000220714affff 0x0004/0x0004 0x0020000
935c.98b0: *00000220714b0000-00000220714cefff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714cf000-00000220714cffff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714d0000-00000220714d3fff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714d4000-00000220714dffff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714e0000-00000220714e0fff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714e1000-00000220714effff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714f0000-00000220714f1fff 0x0004/0x0004 0x0020000
935c.98b0: 00000220714f2000-00007df5aaadffff 0x0001/0x0000 0x0000000
935c.98b0: *00007df5aaae0000-00007df5aaae0fff 0x0020/0x0004 0x0020000 !!
935c.98b0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007df5aaae0000 (LB 0x1000, 00007df5aaae0000 LB 0x1000)
935c.98b0: 0000016f22166570/0000: 16 00 20 00 00 00 00 00-10 00 ae aa f5 7d 00 00 .. ..........}..
0000016f22166580/0010: 61 00 74 00 63 00 75 00-66 00 36 00 34 00 2e 00 a.t.c.u.f.6.4...
0000016f22166590/0020: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
0000016f221665a0/0030: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
0000016f221665b0/0040: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
0000016f221665c0/0050: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
0000016f221665d0/0060: 6e 00 64 00 65 00 72 00-5c 00 42 00 69 00 74 00 n.d.e.r.\.B.i.t.
0000016f221665e0/0070: 64 00 65 00 66 00 65 00-6e 00 64 00 65 00 72 00 d.e.f.e.n.d.e.r.
0000016f221665f0/0080: 20 00 53 00 65 00 63 00-75 00 72 00 69 00 74 00 .S.e.c.u.r.i.t.
0000016f22166600/0090: 79 00 5c 00 61 00 74 00-63 00 75 00 66 00 5c 00 y.\.a.t.c.u.f.\.
0000016f22166610/00a0: 64 00 6c 00 6c 00 73 00-5f 00 32 00 36 00 37 00 d.l.l.s._.2.6.7.
0000016f22166620/00b0: 34 00 32 00 36 00 36 00-33 00 39 00 38 00 30 00 4.2.6.6.3.9.8.0.
0000016f22166630/00c0: 32 00 37 00 31 00 31 00-31 00 34 00 35 00 5c 00 2.7.1.1.1.4.5.\.
0000016f22166640/00d0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000016f22166650/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000016f22166660/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
935c.98b0: 0000016f22166970/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
**************** **** <ditto x 2>
0000016f221669a0/0030: 16 00 20 00 00 00 00 00-40 04 ae aa f5 7d 00 00 .. .....@....}..
0000016f221669b0/0040: 62 00 64 00 68 00 6b 00-6d 00 36 00 34 00 2e 00 b.d.h.k.m.6.4...
0000016f221669c0/0050: 64 00 6c 00 6c 00 00 00-00 00 00 00 00 00 00 00 d.l.l...........
0000016f221669d0/0060: 43 00 3a 00 5c 00 50 00-72 00 6f 00 67 00 72 00 C.:.\.P.r.o.g.r.
0000016f221669e0/0070: 61 00 6d 00 20 00 46 00-69 00 6c 00 65 00 73 00 a.m. .F.i.l.e.s.
0000016f221669f0/0080: 5c 00 42 00 69 00 74 00-64 00 65 00 66 00 65 00 \.B.i.t.d.e.f.e.
0000016f22166a00/0090: 6e 00 64 00 65 00 72 00-5c 00 42 00 69 00 74 00 n.d.e.r.\.B.i.t.
0000016f22166a10/00a0: 64 00 65 00 66 00 65 00-6e 00 64 00 65 00 72 00 d.e.f.e.n.d.e.r.
0000016f22166a20/00b0: 20 00 53 00 65 00 63 00-75 00 72 00 69 00 74 00 .S.e.c.u.r.i.t.
0000016f22166a30/00c0: 79 00 5c 00 62 00 64 00-68 00 6b 00 6d 00 5c 00 y.\.b.d.h.k.m.\.
0000016f22166a40/00d0: 64 00 6c 00 6c 00 73 00-5f 00 32 00 36 00 37 00 d.l.l.s._.2.6.7.
0000016f22166a50/00e0: 30 00 32 00 33 00 37 00-31 00 32 00 33 00 35 00 0.2.3.7.1.2.3.5.
0000016f22166a60/00f0: 39 00 31 00 38 00 36 00-32 00 36 00 33 00 5c 00 9.1.8.6.2.6.3.\.
935c.98b0: 0000016f22166d70/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
**************** **** <ditto x 5>
0000016f22166dd0/0060: 20 a6 f5 f3 fb 7f 00 00-c0 0a fd f3 fb 7f 00 00 ...............
0000016f22166de0/0070: 48 89 5c 24 10 56 57 41-56 48 81 ec d0 00 00 00 H.\$.VWAVH......
0000016f22166df0/0080: 48 83 ec 38 56 57 51 52-41 50 41 51 48 83 ec 40 H..8VWQRAPAQH..@
0000016f22166e00/0090: 48 b9 ff ff ff ff ff ff-ff ff 48 8b 15 bf ff ff H.........H.....
0000016f22166e10/00a0: ff 48 89 54 24 38 48 8d-54 24 38 48 c7 44 24 28 .H.T$8H.T$8H.D$(
0000016f22166e20/00b0: 10 00 00 00 4c 8d 44 24-28 49 c7 c1 04 00 00 00 ....L.D$(I......
0000016f22166e30/00c0: 48 8d 7c 24 30 48 89 7c-24 20 48 8b 05 97 ff ff H.|$0H.|$ H.....
0000016f22166e40/00d0: ff ff d0 85 c0 0f 88 00-01 00 00 48 8d 35 8e ff ...........H.5..
0000016f22166e50/00e0: ff ff 48 8b 3d 77 ff ff-ff 48 c7 c1 10 00 00 00 ..H.=w...H......
0000016f22166e60/00f0: fc f3 a4 48 b9 ff ff ff-ff ff ff ff ff 48 8b 15 ...H.........H..
935c.98b0: 0000016f22166e70/0000: 5c ff ff ff 48 89 54 24-38 48 8d 54 24 38 48 c7 \...H.T$8H.T$8H.
0000016f22166e80/0010: 44 24 28 10 00 00 00 4c-8d 44 24 28 4c 8b 4c 24 D$(....L.D$(L.L$
0000016f22166e90/0020: 30 48 8d 7c 24 30 48 89-7c 24 20 48 8b 05 36 ff 0H.|$0H.|$ H..6.
0000016f22166ea0/0030: ff ff ff d0 85 c0 0f 88-9f 00 00 00 48 83 c4 40 ............H..@
0000016f22166eb0/0040: 41 59 41 58 5a 59 5f 5e-48 8b 05 11 ff ff ff 48 AYAXZY_^H......H
0000016f22166ec0/0050: 83 ec 20 ff d0 48 83 c4-20 85 c0 0f 88 86 00 00 .. ..H.. .......
0000016f22166ed0/0060: 00 65 48 8b 0c 25 60 00-00 00 ba 00 01 00 02 85 .eH..%`.........
0000016f22166ee0/0070: 91 bc 00 00 00 75 70 48-8d 0d e2 fa ff ff 48 c7 .....upH......H.
0000016f22166ef0/0080: c2 00 00 00 00 4c 8d 05-a4 fa ff ff 4c 8d 4c 24 .....L......L.L$
0000016f22166f00/0090: 20 48 8b 05 c8 fe ff ff-48 83 ec 20 ff d0 48 83 H......H.. ..H.
0000016f22166f10/00a0: c4 20 85 c0 74 05 48 31-c0 eb 3c 48 8d 0d 7e f6 . ..t.H1..<H..~.
0000016f22166f20/00b0: ff ff 48 c7 c2 00 00 00-00 4c 8d 05 40 f6 ff ff ..H......L..@...
0000016f22166f30/00c0: 4c 8d 4c 24 20 48 8b 05-94 fe ff ff 48 83 ec 20 L.L$ H......H..
0000016f22166f40/00d0: ff d0 48 83 c4 20 48 31-c0 eb 0c 48 83 c4 40 41 ..H.. H1...H..@A
0000016f22166f50/00e0: 59 41 58 5a 59 5f 5e 48-83 c4 38 c3 00 00 00 00 YAXZY_^H..8.....
0000016f22166f60/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
935c.98b0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007df5aaae0000/00007df5aaae0000 LB 0/0x1000]
935c.98b0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007df5aaae0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
935c.98b0: 00007df5aaae1000-00007df5aaaeffff 0x0001/0x0000 0x0000000
935c.98b0: *00007df5aaaf0000-00007df5aaaf0fff 0x0002/0x0002 0x0040000
935c.98b0: 00007df5aaaf1000-00007df5aaafffff 0x0001/0x0000 0x0000000
935c.98b0: *00007df5aab00000-00007df5ac354fff 0x0000/0x0001 0x0040000
935c.98b0: 00007df5ac355000-00007df5ac4bafff 0x0001/0x0001 0x0040000
935c.98b0: 00007df5ac4bb000-00007df5ac8d8fff 0x0000/0x0001 0x0040000
935c.98b0: 00007df5ac8d9000-00007df5ac8d9fff 0x0001/0x0001 0x0040000
935c.98b0: 00007df5ac8da000-00007fed815aafff 0x0000/0x0001 0x0040000
935c.98b0: 00007fed815ab000-00007fed815abfff 0x0002/0x0001 0x0040000
935c.98b0: 00007fed815ac000-00007ff584481fff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff584482000-00007ff584486fff 0x0002/0x0001 0x0040000
935c.98b0: 00007ff584487000-00007ff594d10fff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff594d11000-00007ff59a7fbfff 0x0001/0x0001 0x0040000
935c.98b0: 00007ff59a7fc000-00007ff59a805fff 0x0002/0x0001 0x0040000
935c.98b0: 00007ff59a806000-00007ff5aaafffff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff5aab00000-00007ff66608ffff 0x0001/0x0000 0x0000000
935c.98b0: *00007ff666090000-00007ff666090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666091000-00007ff6660fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff6660fc000-00007ff6660fcfff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff6660fd000-00007ff666150fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666151000-00007ff666151fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666152000-00007ff666152fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666153000-00007ff666157fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666158000-00007ff66615dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff66615e000-00007ff666197fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666198000-00007ffbf3f2ffff 0x0001/0x0000 0x0000000
935c.98b0: *00007ffbf3f30000-00007ffbf3f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf3f31000-00007ffbf4061fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf4062000-00007ffbf40affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40b0000-00007ffbf40bbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40bc000-00007ffbf40cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cb000-00007ffbf40cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cc000-00007ffbf40cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cf000-00007ffbf4146fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf4147000-00007ffffffeffff 0x0001/0x0000 0x0000000
935c.98b0: VBoxHeadless.exe: timestamp 0x670807b2 (rc=VINF_SUCCESS)
935c.98b0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
935c.98b0: VBoxHeadless.exe: Differences in section #8 (.rsrc) between file and memory:
935c.98b0: 00007ff666196b2c / 0x0106b2c: 00 != 50
935c.98b0: 00007ff666196b2d / 0x0106b2d: 00 != 41
935c.98b0: 00007ff666196b2e / 0x0106b2e: 00 != 44
935c.98b0: 00007ff666196b2f / 0x0106b2f: 00 != 44
935c.98b0: 00007ff666196b30 / 0x0106b30: 00 != 49
935c.98b0: 00007ff666196b31 / 0x0106b31: 00 != 4e
935c.98b0: 00007ff666196b32 / 0x0106b32: 00 != 47
935c.98b0: 00007ff666196b33 / 0x0106b33: 00 != 58
935c.98b0: 00007ff666196b34 / 0x0106b34: 00 != 58
935c.98b0: 00007ff666196b35 / 0x0106b35: 00 != 50
935c.98b0: 00007ff666196b36 / 0x0106b36: 00 != 41
935c.98b0: 00007ff666196b37 / 0x0106b37: 00 != 44
935c.98b0: 00007ff666196b38 / 0x0106b38: 00 != 44
935c.98b0: 00007ff666196b39 / 0x0106b39: 00 != 49
935c.98b0: 00007ff666196b3a / 0x0106b3a: 00 != 4e
935c.98b0: 00007ff666196b3b / 0x0106b3b: 00 != 47
935c.98b0: 00007ff666196b3c / 0x0106b3c: 00 != 50
935c.98b0: 00007ff666196b3d / 0x0106b3d: 00 != 41
935c.98b0: 00007ff666196b3e / 0x0106b3e: 00 != 44
935c.98b0: 00007ff666196b3f / 0x0106b3f: 00 != 44
935c.98b0: 00007ff666196b40 / 0x0106b40: 00 != 49
935c.98b0: 00007ff666196b41 / 0x0106b41: 00 != 4e
935c.98b0: 00007ff666196b42 / 0x0106b42: 00 != 47
935c.98b0: 00007ff666196b43 / 0x0106b43: 00 != 58
935c.98b0: 00007ff666196b44 / 0x0106b44: 00 != 58
935c.98b0: 00007ff666196b45 / 0x0106b45: 00 != 50
935c.98b0: 00007ff666196b46 / 0x0106b46: 00 != 41
935c.98b0: 00007ff666196b47 / 0x0106b47: 00 != 44
935c.98b0: 00007ff666196b48 / 0x0106b48: 00 != 44
935c.98b0: 00007ff666196b49 / 0x0106b49: 00 != 49
935c.98b0: 00007ff666196b4a / 0x0106b4a: 00 != 4e
935c.98b0: 00007ff666196b4b / 0x0106b4b: 00 != 47
935c.98b0: 00007ff666196b4c / 0x0106b4c: 00 != 50
935c.98b0: 00007ff666196b4d / 0x0106b4d: 00 != 41
935c.98b0: 00007ff666196b4e / 0x0106b4e: 00 != 44
935c.98b0: 00007ff666196b4f / 0x0106b4f: 00 != 44
935c.98b0: 00007ff666196b50 / 0x0106b50: 00 != 49
935c.98b0: 00007ff666196b51 / 0x0106b51: 00 != 4e
935c.98b0: 00007ff666196b52 / 0x0106b52: 00 != 47
935c.98b0: 00007ff666196b53 / 0x0106b53: 00 != 58
935c.98b0: 00007ff666196b54 / 0x0106b54: 00 != 58
935c.98b0: 00007ff666196b55 / 0x0106b55: 00 != 50
935c.98b0: 00007ff666196b56 / 0x0106b56: 00 != 41
935c.98b0: 00007ff666196b57 / 0x0106b57: 00 != 44
935c.98b0: 00007ff666196b58 / 0x0106b58: 00 != 44
935c.98b0: 00007ff666196b59 / 0x0106b59: 00 != 49
935c.98b0: 00007ff666196b5a / 0x0106b5a: 00 != 4e
935c.98b0: 00007ff666196b5b / 0x0106b5b: 00 != 47
935c.98b0: 00007ff666196b5c / 0x0106b5c: 00 != 50
935c.98b0: 00007ff666196b5d / 0x0106b5d: 00 != 41
935c.98b0: 00007ff666196b5e / 0x0106b5e: 00 != 44
935c.98b0: 00007ff666196b5f / 0x0106b5f: 00 != 44
935c.98b0: 00007ff666196b60 / 0x0106b60: 00 != 49
935c.98b0: 00007ff666196b61 / 0x0106b61: 00 != 4e
935c.98b0: 00007ff666196b62 / 0x0106b62: 00 != 47
935c.98b0: 00007ff666196b63 / 0x0106b63: 00 != 58
935c.98b0: 00007ff666196b64 / 0x0106b64: 00 != 58
935c.98b0: 00007ff666196b65 / 0x0106b65: 00 != 50
935c.98b0: 00007ff666196b66 / 0x0106b66: 00 != 41
935c.98b0: 00007ff666196b67 / 0x0106b67: 00 != 44
935c.98b0: 00007ff666196b68 / 0x0106b68: 00 != 44
935c.98b0: 00007ff666196b69 / 0x0106b69: 00 != 49
935c.98b0: 00007ff666196b6a / 0x0106b6a: 00 != 4e
935c.98b0: 00007ff666196b6b / 0x0106b6b: 00 != 47
935c.98b0: 00007ff666196b6c / 0x0106b6c: 00 != 50
935c.98b0: 00007ff666196b6d / 0x0106b6d: 00 != 41
935c.98b0: 00007ff666196b6e / 0x0106b6e: 00 != 44
935c.98b0: 00007ff666196b6f / 0x0106b6f: 00 != 44
935c.98b0: 00007ff666196b70 / 0x0106b70: 00 != 49
935c.98b0: 00007ff666196b71 / 0x0106b71: 00 != 4e
935c.98b0: 00007ff666196b72 / 0x0106b72: 00 != 47
935c.98b0: 00007ff666196b73 / 0x0106b73: 00 != 58
935c.98b0: 00007ff666196b74 / 0x0106b74: 00 != 58
935c.98b0: 00007ff666196b75 / 0x0106b75: 00 != 50
935c.98b0: 00007ff666196b76 / 0x0106b76: 00 != 41
935c.98b0: 00007ff666196b77 / 0x0106b77: 00 != 44
935c.98b0: 00007ff666196b78 / 0x0106b78: 00 != 44
935c.98b0: 00007ff666196b79 / 0x0106b79: 00 != 49
935c.98b0: 00007ff666196b7a / 0x0106b7a: 00 != 4e
935c.98b0: 00007ff666196b7b / 0x0106b7b: 00 != 47
935c.98b0: 00007ff666196b7c / 0x0106b7c: 00 != 50
935c.98b0: 00007ff666196b7d / 0x0106b7d: 00 != 41
935c.98b0: 00007ff666196b7e / 0x0106b7e: 00 != 44
935c.98b0: 00007ff666196b7f / 0x0106b7f: 00 != 44
935c.98b0: 00007ff666196b80 / 0x0106b80: 00 != 49
935c.98b0: 00007ff666196b81 / 0x0106b81: 00 != 4e
935c.98b0: 00007ff666196b82 / 0x0106b82: 00 != 47
935c.98b0: 00007ff666196b83 / 0x0106b83: 00 != 58
935c.98b0: 00007ff666196b84 / 0x0106b84: 00 != 58
935c.98b0: 00007ff666196b85 / 0x0106b85: 00 != 50
935c.98b0: 00007ff666196b86 / 0x0106b86: 00 != 41
935c.98b0: 00007ff666196b87 / 0x0106b87: 00 != 44
935c.98b0: 00007ff666196b88 / 0x0106b88: 00 != 44
935c.98b0: 00007ff666196b89 / 0x0106b89: 00 != 49
935c.98b0: 00007ff666196b8a / 0x0106b8a: 00 != 4e
935c.98b0: 00007ff666196b8b / 0x0106b8b: 00 != 47
935c.98b0: 00007ff666196b8c / 0x0106b8c: 00 != 50
935c.98b0: 00007ff666196b8d / 0x0106b8d: 00 != 41
935c.98b0: 00007ff666196b8e / 0x0106b8e: 00 != 44
935c.98b0: 00007ff666196b8f / 0x0106b8f: 00 != 44
935c.98b0: 00007ff666196b90 / 0x0106b90: 00 != 49
935c.98b0: 00007ff666196b91 / 0x0106b91: 00 != 4e
935c.98b0: 00007ff666196b92 / 0x0106b92: 00 != 47
935c.98b0: 00007ff666196b93 / 0x0106b93: 00 != 58
935c.98b0: 00007ff666196b94 / 0x0106b94: 00 != 58
935c.98b0: 00007ff666196b95 / 0x0106b95: 00 != 50
935c.98b0: 00007ff666196b96 / 0x0106b96: 00 != 41
935c.98b0: 00007ff666196b97 / 0x0106b97: 00 != 44
935c.98b0: 00007ff666196b98 / 0x0106b98: 00 != 44
935c.98b0: 00007ff666196b99 / 0x0106b99: 00 != 49
935c.98b0: 00007ff666196b9a / 0x0106b9a: 00 != 4e
935c.98b0: 00007ff666196b9b / 0x0106b9b: 00 != 47
935c.98b0: 00007ff666196b9c / 0x0106b9c: 00 != 50
935c.98b0: 00007ff666196b9d / 0x0106b9d: 00 != 41
935c.98b0: 00007ff666196b9e / 0x0106b9e: 00 != 44
935c.98b0: 00007ff666196b9f / 0x0106b9f: 00 != 44
935c.98b0: 00007ff666196ba0 / 0x0106ba0: 00 != 49
935c.98b0: 00007ff666196ba1 / 0x0106ba1: 00 != 4e
935c.98b0: 00007ff666196ba2 / 0x0106ba2: 00 != 47
935c.98b0: 00007ff666196ba3 / 0x0106ba3: 00 != 58
935c.98b0: 00007ff666196ba4 / 0x0106ba4: 00 != 58
935c.98b0: 00007ff666196ba5 / 0x0106ba5: 00 != 50
935c.98b0: 00007ff666196ba6 / 0x0106ba6: 00 != 41
935c.98b0: 00007ff666196ba7 / 0x0106ba7: 00 != 44
935c.98b0: 00007ff666196ba8 / 0x0106ba8: 00 != 44
935c.98b0: 00007ff666196ba9 / 0x0106ba9: 00 != 49
935c.98b0: 00007ff666196baa / 0x0106baa: 00 != 4e
935c.98b0: 00007ff666196bab / 0x0106bab: 00 != 47
935c.98b0: 00007ff666196bac / 0x0106bac: 00 != 50
935c.98b0: 00007ff666196bad / 0x0106bad: 00 != 41
935c.98b0: 00007ff666196bae / 0x0106bae: 00 != 44
935c.98b0: 00007ff666196baf / 0x0106baf: 00 != 44
935c.98b0: 00007ff666196bb0 / 0x0106bb0: 00 != 49
935c.98b0: 00007ff666196bb1 / 0x0106bb1: 00 != 4e
935c.98b0: 00007ff666196bb2 / 0x0106bb2: 00 != 47
935c.98b0: 00007ff666196bb3 / 0x0106bb3: 00 != 58
935c.98b0: 00007ff666196bb4 / 0x0106bb4: 00 != 58
935c.98b0: 00007ff666196bb5 / 0x0106bb5: 00 != 50
935c.98b0: 00007ff666196bb6 / 0x0106bb6: 00 != 41
935c.98b0: 00007ff666196bb7 / 0x0106bb7: 00 != 44
935c.98b0: 00007ff666196bb8 / 0x0106bb8: 00 != 44
935c.98b0: 00007ff666196bb9 / 0x0106bb9: 00 != 49
935c.98b0: 00007ff666196bba / 0x0106bba: 00 != 4e
935c.98b0: 00007ff666196bbb / 0x0106bbb: 00 != 47
935c.98b0: 00007ff666196bbc / 0x0106bbc: 00 != 50
935c.98b0: 00007ff666196bbd / 0x0106bbd: 00 != 41
935c.98b0: 00007ff666196bbe / 0x0106bbe: 00 != 44
935c.98b0: 00007ff666196bbf / 0x0106bbf: 00 != 44
935c.98b0: 00007ff666196bc0 / 0x0106bc0: 00 != 49
935c.98b0: 00007ff666196bc1 / 0x0106bc1: 00 != 4e
935c.98b0: 00007ff666196bc2 / 0x0106bc2: 00 != 47
935c.98b0: 00007ff666196bc3 / 0x0106bc3: 00 != 58
935c.98b0: 00007ff666196bc4 / 0x0106bc4: 00 != 58
935c.98b0: 00007ff666196bc5 / 0x0106bc5: 00 != 50
935c.98b0: 00007ff666196bc6 / 0x0106bc6: 00 != 41
935c.98b0: 00007ff666196bc7 / 0x0106bc7: 00 != 44
935c.98b0: 00007ff666196bc8 / 0x0106bc8: 00 != 44
935c.98b0: 00007ff666196bc9 / 0x0106bc9: 00 != 49
935c.98b0: 00007ff666196bca / 0x0106bca: 00 != 4e
935c.98b0: 00007ff666196bcb / 0x0106bcb: 00 != 47
935c.98b0: 00007ff666196bcc / 0x0106bcc: 00 != 50
935c.98b0: 00007ff666196bcd / 0x0106bcd: 00 != 41
935c.98b0: 00007ff666196bce / 0x0106bce: 00 != 44
935c.98b0: 00007ff666196bcf / 0x0106bcf: 00 != 44
935c.98b0: 00007ff666196bd0 / 0x0106bd0: 00 != 49
935c.98b0: 00007ff666196bd1 / 0x0106bd1: 00 != 4e
935c.98b0: 00007ff666196bd2 / 0x0106bd2: 00 != 47
935c.98b0: 00007ff666196bd3 / 0x0106bd3: 00 != 58
935c.98b0: 00007ff666196bd4 / 0x0106bd4: 00 != 58
935c.98b0: 00007ff666196bd5 / 0x0106bd5: 00 != 50
935c.98b0: 00007ff666196bd6 / 0x0106bd6: 00 != 41
935c.98b0: 00007ff666196bd7 / 0x0106bd7: 00 != 44
935c.98b0: 00007ff666196bd8 / 0x0106bd8: 00 != 44
935c.98b0: 00007ff666196bd9 / 0x0106bd9: 00 != 49
935c.98b0: 00007ff666196bda / 0x0106bda: 00 != 4e
935c.98b0: 00007ff666196bdb / 0x0106bdb: 00 != 47
935c.98b0: 00007ff666196bdc / 0x0106bdc: 00 != 50
935c.98b0: 00007ff666196bdd / 0x0106bdd: 00 != 41
935c.98b0: 00007ff666196bde / 0x0106bde: 00 != 44
935c.98b0: 00007ff666196bdf / 0x0106bdf: 00 != 44
935c.98b0: 00007ff666196be0 / 0x0106be0: 00 != 49
935c.98b0: 00007ff666196be1 / 0x0106be1: 00 != 4e
935c.98b0: 00007ff666196be2 / 0x0106be2: 00 != 47
935c.98b0: 00007ff666196be3 / 0x0106be3: 00 != 58
935c.98b0: 00007ff666196be4 / 0x0106be4: 00 != 58
935c.98b0: 00007ff666196be5 / 0x0106be5: 00 != 50
935c.98b0: 00007ff666196be6 / 0x0106be6: 00 != 41
935c.98b0: 00007ff666196be7 / 0x0106be7: 00 != 44
935c.98b0: 00007ff666196be8 / 0x0106be8: 00 != 44
935c.98b0: 00007ff666196be9 / 0x0106be9: 00 != 49
935c.98b0: 00007ff666196bea / 0x0106bea: 00 != 4e
935c.98b0: 00007ff666196beb / 0x0106beb: 00 != 47
935c.98b0: 00007ff666196bec / 0x0106bec: 00 != 50
935c.98b0: 00007ff666196bed / 0x0106bed: 00 != 41
935c.98b0: 00007ff666196bee / 0x0106bee: 00 != 44
935c.98b0: 00007ff666196bef / 0x0106bef: 00 != 44
935c.98b0: 00007ff666196bf0 / 0x0106bf0: 00 != 49
935c.98b0: 00007ff666196bf1 / 0x0106bf1: 00 != 4e
935c.98b0: 00007ff666196bf2 / 0x0106bf2: 00 != 47
935c.98b0: 00007ff666196bf3 / 0x0106bf3: 00 != 58
935c.98b0: 00007ff666196bf4 / 0x0106bf4: 00 != 58
935c.98b0: 00007ff666196bf5 / 0x0106bf5: 00 != 50
935c.98b0: 00007ff666196bf6 / 0x0106bf6: 00 != 41
935c.98b0: 00007ff666196bf7 / 0x0106bf7: 00 != 44
935c.98b0: 00007ff666196bf8 / 0x0106bf8: 00 != 44
935c.98b0: 00007ff666196bf9 / 0x0106bf9: 00 != 49
935c.98b0: 00007ff666196bfa / 0x0106bfa: 00 != 4e
935c.98b0: 00007ff666196bfb / 0x0106bfb: 00 != 47
935c.98b0: 00007ff666196bfc / 0x0106bfc: 00 != 50
935c.98b0: 00007ff666196bfd / 0x0106bfd: 00 != 41
935c.98b0: 00007ff666196bfe / 0x0106bfe: 00 != 44
935c.98b0: 00007ff666196bff / 0x0106bff: 00 != 44
935c.98b0: Restored 0x4d4 bytes of original file content at 00007ff666196b2c
935c.98b0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
935c.98b0: ntdll.dll: Differences in section #1 (.text) between file and memory:
935c.98b0: 00007ffbf3f5a621 / 0x002a621: 89 != b8
935c.98b0: 00007ffbf3f5a622 / 0x002a622: 5c != 80
935c.98b0: 00007ffbf3f5a623 / 0x002a623: 24 != 08
935c.98b0: 00007ffbf3f5a624 / 0x002a624: 10 != ae
935c.98b0: 00007ffbf3f5a625 / 0x002a625: 56 != aa
935c.98b0: 00007ffbf3f5a626 / 0x002a626: 57 != f5
935c.98b0: 00007ffbf3f5a627 / 0x002a627: 41 != 7d
935c.98b0: 00007ffbf3f5a628 / 0x002a628: 56 != 00
935c.98b0: 00007ffbf3f5a629 / 0x002a629: 48 != 00
935c.98b0: 00007ffbf3f5a62a / 0x002a62a: 81 != ff
935c.98b0: 00007ffbf3f5a62b / 0x002a62b: ec != e0
935c.98b0: Restored 0x2000 bytes of original file content at 00007ffbf3f59000
935c.98b0: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x80000000
935c.98b0: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 33 sleeps
935c.98b0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
935c.98b0: *0000000000000000-000000007ffdffff 0x0001/0x0000 0x0000000
935c.98b0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
935c.98b0: 000000007ffe1000-000000007ffe8fff 0x0001/0x0000 0x0000000
935c.98b0: *000000007ffe9000-000000007ffe9fff 0x0002/0x0002 0x0020000
935c.98b0: 000000007ffea000-000000b00a9fffff 0x0001/0x0000 0x0000000
935c.98b0: *000000b00aa00000-000000b00abeafff 0x0000/0x0004 0x0020000
935c.98b0: 000000b00abeb000-000000b00abedfff 0x0004/0x0004 0x0020000
935c.98b0: 000000b00abee000-000000b00abfffff 0x0000/0x0004 0x0020000
935c.98b0: *000000b00ac00000-000000b00acfafff 0x0000/0x0004 0x0020000
935c.98b0: 000000b00acfb000-000000b00acfdfff 0x0104/0x0004 0x0020000
935c.98b0: 000000b00acfe000-000000b00acfffff 0x0004/0x0004 0x0020000
935c.98b0: 000000b00ad00000-000002207148ffff 0x0001/0x0000 0x0000000
935c.98b0: *0000022071490000-00000220714affff 0x0004/0x0004 0x0020000
935c.98b0: *00000220714b0000-00000220714cefff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714cf000-00000220714cffff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714d0000-00000220714d3fff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714d4000-00000220714dffff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714e0000-00000220714e0fff 0x0002/0x0002 0x0040000
935c.98b0: 00000220714e1000-00000220714effff 0x0001/0x0000 0x0000000
935c.98b0: *00000220714f0000-00000220714f1fff 0x0004/0x0004 0x0020000
935c.98b0: 00000220714f2000-00007df5aaaeffff 0x0001/0x0000 0x0000000
935c.98b0: *00007df5aaaf0000-00007df5aaaf0fff 0x0002/0x0002 0x0040000
935c.98b0: 00007df5aaaf1000-00007df5aaafffff 0x0001/0x0000 0x0000000
935c.98b0: *00007df5aab00000-00007df5ac354fff 0x0000/0x0001 0x0040000
935c.98b0: 00007df5ac355000-00007df5ac4bafff 0x0001/0x0001 0x0040000
935c.98b0: 00007df5ac4bb000-00007df5ac8d8fff 0x0000/0x0001 0x0040000
935c.98b0: 00007df5ac8d9000-00007df5ac8d9fff 0x0001/0x0001 0x0040000
935c.98b0: 00007df5ac8da000-00007fed815aafff 0x0000/0x0001 0x0040000
935c.98b0: 00007fed815ab000-00007fed815abfff 0x0002/0x0001 0x0040000
935c.98b0: 00007fed815ac000-00007ff584481fff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff584482000-00007ff584486fff 0x0002/0x0001 0x0040000
935c.98b0: 00007ff584487000-00007ff594d10fff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff594d11000-00007ff59a7fbfff 0x0001/0x0001 0x0040000
935c.98b0: 00007ff59a7fc000-00007ff59a805fff 0x0002/0x0001 0x0040000
935c.98b0: 00007ff59a806000-00007ff5aaafffff 0x0000/0x0001 0x0040000
935c.98b0: 00007ff5aab00000-00007ff66608ffff 0x0001/0x0000 0x0000000
935c.98b0: *00007ff666090000-00007ff666090fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666091000-00007ff6660fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff6660fc000-00007ff6660fcfff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff6660fd000-00007ff666150fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666151000-00007ff66615dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff66615e000-00007ff666197fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
935c.98b0: 00007ff666198000-00007ffbf3f2ffff 0x0001/0x0000 0x0000000
935c.98b0: *00007ffbf3f30000-00007ffbf3f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf3f31000-00007ffbf4061fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf4062000-00007ffbf40affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40b0000-00007ffbf40b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40b4000-00007ffbf40bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40bc000-00007ffbf40cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cb000-00007ffbf40cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cc000-00007ffbf40cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf40cf000-00007ffbf4146fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
935c.98b0: 00007ffbf4147000-00007ffffffeffff 0x0001/0x0000 0x0000000
935c.98b0: supR3HardNtChildPurify: Done after 805 ms and 3 fixes (loop #1).
9c80.8984: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbf3f30000 g_uNtVerCombined=0xa0586700 (stack ~000000b00acfebb0)
935c.98b0: supR3HardenedEarlyCompact: Removed heap 1 (0x00016f215a0000 LB 0x800000)
935c.98b0: supR3HardNtEnableThreadCreationEx:
9c80.8984: ntdll.dll: timestamp 0xf9f266e7 (rc=VINF_SUCCESS)
9c80.8984: New simple heap: #1 0000022071600000 LB 0x800000 (for 2191360 allocation)
9c80.8984: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
9c80.8984: System32: \Device\HarddiskVolume3\Windows\System32
9c80.8984: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
9c80.8984: KnownDllPath: C:\Windows\System32
9c80.8984: supR3HardenedVmProcessInit: Opening vboxsup...
9c80.8984: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
9c80.8984: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
9c80.8984: Registered Dll notification callback with NTDLL.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1520000 LB 0x003b7000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3010000 LB 0x000c4000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3010000 'C:\Windows\System32\KERNEL32.DLL'
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ff666090000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
9c80.8984: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
9c80.8984: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbf3fa42c0 pvNtTerminateThread=00007ffbf3fd0b20
935c.98b0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
9c80.8984: \SystemRoot\System32\ntdll.dll:
9c80.8984: CreationTime: 2024-10-12T16:13:13.337096100Z
9c80.8984: LastWriteTime: 2024-10-12T16:13:13.368170000Z
9c80.8984: ChangeTime: 2024-10-15T19:50:08.320152600Z
9c80.8984: FileAttributes: 0x20
9c80.8984: Size: 0x216090
9c80.8984: NT Headers: 0xe8
9c80.8984: Timestamp: 0xf9f266e7
9c80.8984: Machine: 0x8664 - amd64
9c80.8984: Timestamp: 0xf9f266e7
9c80.8984: Image Version: 10.0
9c80.8984: SizeOfImage: 0x217000 (2191360)
9c80.8984: Resource Dir: 0x1a0000 LB 0x759a8
9c80.8984: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
9c80.8984: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
9c80.8984: ProductName: Microsoft® Windows® Operating System
9c80.8984: ProductVersion: 10.0.22621.4317
9c80.8984: FileVersion: 10.0.22621.4317 (WinBuild.160101.0800)
9c80.8984: FileDescription: NT Layer DLL
9c80.8984: \SystemRoot\System32\kernel32.dll:
9c80.8984: CreationTime: 2024-08-18T11:45:46.245614200Z
9c80.8984: LastWriteTime: 2024-08-18T11:45:46.259376700Z
9c80.8984: ChangeTime: 2024-10-12T16:14:17.580433400Z
9c80.8984: FileAttributes: 0x20
9c80.8984: Size: 0xc7168
9c80.8984: NT Headers: 0xe8
9c80.8984: Timestamp: 0xa9f358b9
9c80.8984: Machine: 0x8664 - amd64
9c80.8984: Timestamp: 0xa9f358b9
9c80.8984: Image Version: 10.0
9c80.8984: SizeOfImage: 0xc4000 (802816)
9c80.8984: Resource Dir: 0xc2000 LB 0x520
9c80.8984: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9c80.8984: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
9c80.8984: ProductName: Microsoft® Windows® Operating System
9c80.8984: ProductVersion: 10.0.22621.3958
9c80.8984: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
9c80.8984: FileDescription: Windows NT BASE API Client DLL
9c80.8984: \SystemRoot\System32\KernelBase.dll:
9c80.8984: CreationTime: 2024-10-12T16:13:13.874348200Z
9c80.8984: LastWriteTime: 2024-10-12T16:13:13.976987600Z
9c80.8984: ChangeTime: 2024-10-15T19:50:07.879884900Z
9c80.8984: FileAttributes: 0x20
9c80.8984: Size: 0x3bdba0
9c80.8984: NT Headers: 0xf8
9c80.8984: Timestamp: 0xcf64c6a
9c80.8984: Machine: 0x8664 - amd64
9c80.8984: Timestamp: 0xcf64c6a
9c80.8984: Image Version: 10.0
9c80.8984: SizeOfImage: 0x3b7000 (3895296)
9c80.8984: Resource Dir: 0x386000 LB 0x548
9c80.8984: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
9c80.8984: [Raw version resource data: 0x3860b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
9c80.8984: ProductName: Microsoft® Windows® Operating System
9c80.8984: ProductVersion: 10.0.22621.4249
9c80.8984: FileVersion: 10.0.22621.4249 (WinBuild.160101.0800)
9c80.8984: FileDescription: Windows NT BASE API Client DLL
9c80.8984: \SystemRoot\System32\apisetschema.dll:
9c80.8984: CreationTime: 2024-08-18T11:45:33.363168100Z
9c80.8984: LastWriteTime: 2024-08-18T11:45:33.366168300Z
9c80.8984: ChangeTime: 2024-10-12T16:14:17.396998700Z
9c80.8984: FileAttributes: 0x20
9c80.8984: Size: 0x245e0
9c80.8984: NT Headers: 0xc8
9c80.8984: Timestamp: 0x8f476251
9c80.8984: Machine: 0x8664 - amd64
9c80.8984: Timestamp: 0x8f476251
9c80.8984: Image Version: 10.0
9c80.8984: SizeOfImage: 0x23000 (143360)
9c80.8984: Resource Dir: 0x22000 LB 0x408
9c80.8984: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9c80.8984: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
9c80.8984: ProductName: Microsoft® Windows® Operating System
9c80.8984: ProductVersion: 10.0.22621.3958
9c80.8984: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
9c80.8984: FileDescription: ApiSet Schema DLL
9c80.8984: supR3HardenedWinFindAdversaries: 0x0
9c80.8984: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
9c80.8984: Calling main()
9c80.8984: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
9c80.8984: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
9c80.8984: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
9c80.8984: SUPR3HardenedMain: Final process, opening VBoxDrv...
9c80.8984: supR3HardenedEarlyCompact: Removed heap 1 (0x00022071600000 LB 0x800000)
9c80.8984: supR3HardNtEnableThreadCreationEx:
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbd2460000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd2460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd2460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd2460000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1c80000 LB 0x000a7000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1d30000 LB 0x00114000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1bf0000 LB 0x0006c000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1240000 LB 0x00111000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1a80000 LB 0x00166000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-fibers-l1-1-1'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf0b40000 LB 0x00012000 C:\Windows\SYSTEM32\MSASN1.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\system32\Wintrust.dll'
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1400000 LB 0x00028000 C:\Windows\System32\bcrypt.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1400000 'C:\Windows\system32\bcrypt.dll'
9c80.8984: bcrypt.dll loaded at 00007ffbf1400000, BCryptOpenAlgorithmProvider at 00007ffbf1404520, preloading providers:
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf18e0000 LB 0x0007b000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf18e0000 'C:\Windows\system32\bcryptprimitives.dll'
9c80.8984: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000022071ed3ff0)
9c80.8984: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000022071ed42f0)
9c80.8984: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000022071ed4640)
9c80.8984: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000022071ed4990)
9c80.8984: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000022071ed4ce0)
9c80.8984: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000022071ed6040)
9c80.8984: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000022071ed6390)
9c80.8984: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000022071ed66e0)
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf0af0000 LB 0x0001b000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf02c0000 LB 0x00035000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf0ad0000 LB 0x0000c000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3010000 'C:\Windows\System32\kernel32.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\System32\WINTRUST.DLL'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\CRYPT32.dll'
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1c60000 LB 0x0001f000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3a90000 LB 0x000a8000 C:\Windows\System32\sechost.dll [fFlags=0x0]
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf0810000 LB 0x00026000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbeaa90000 LB 0x00032000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbeaa90000 'C:\Windows\System32\cryptnet.dll'
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1170000 LB 0x00027000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf2f50000 LB 0x000b2000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45681AAA4DF35F95CF4CDCC7434AD683E6F09E9
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1d30000 'C:\Windows\System32\rpcrt4.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\SystemRoot\System32\ntdll.dll'
9c80.8984: g_pfnWinVerifyTrust=00007ffbf1c024c0
9c80.8984: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\system32\crypt32.dll'
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x90db3c55e94ed6ab CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x62e562aabc48cf00 C=DE, Email=info@win-unattended.de, CN=Win-Unattended
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x7cffd65c5161f300 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xb58b8802a8fec00 CN=DESKTOP-OP1A
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x80d5e6f878f9bd00 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x2404221294e78d00 C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x96cb178d285f9e36 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x298c3394be5bca00 C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
9c80.8984: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
9c80.8984: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=74
9c80.8984: SUPR3HardenedMain: Load Runtime...
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'mpr.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp140.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [redoing WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbd2b70000 LB 0x0001e000 C:\Windows\SYSTEM32\VCRUNTIME140.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbe9a70000 LB 0x0000c000 C:\Windows\SYSTEM32\VCRUNTIME140_1.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffb7a600000 LB 0x0008d000 C:\Windows\SYSTEM32\MSVCP140.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbea480000 LB 0x0001e000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3510000 LB 0x00071000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffb1ec00000 LB 0x006f4000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-fibers-l1-1-1'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-fibers-l1-1-1'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3010000 'C:\Windows\System32\kernel32.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-string-l1-1-0'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-l1-2-1'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-datetime-l1-1-1'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-obsolete-l1-2-0'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ec00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\system32\Wintrust.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\system32\crypt32.dll'
9c80.8984: SUPR3HardenedMain: Load TrustedMain...
9c80.50dc: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-appmodel-runtime-l1-1-2) -> 0x0, fPresent=1
9c80.50dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-appmodel-runtime-l1-1-2 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.50dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcrt.dll'.
9c80.50dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
9c80.50dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.50dc: supR3HardenedDllNotificationCallback: load 00007ffbf02a0000 LB 0x00018000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
9c80.50dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
9c80.50dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02a0000 'api-ms-win-appmodel-runtime-l1-1-2'
9c80.50dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.50dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.50dc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vboxrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'win32u.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9c80.8984: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf14f0000 LB 0x00026000 C:\Windows\System32\win32u.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1360000 LB 0x0009a000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1960000 LB 0x00118000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'win32u.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf2f20000 LB 0x00029000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf1e50000 LB 0x001af000 C:\Windows\System32\USER32.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf21c0000 LB 0x0038e000 C:\Windows\System32\combase.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf2010000 LB 0x001a5000 C:\Windows\System32\ole32.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf30e0000 LB 0x000d7000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffb97ce0000 LB 0x00047000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.dll
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
9c80.8984: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000004bc (hFile=0000000000000488) with 0xc0000022 -> STATUS_TRUST_FAILURE
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
9c80.8984: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
9c80.8984: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3270000 LB 0x00031000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3270000 'C:\Windows\system32\IMM32.DLL'
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
9c80.8984: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb97ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
9c80.8984: SUPR3HardenedMain: Calling TrustedMain (00007ffb97ce3490)...
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcryptprimitives.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #51 'combase.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #52 'msvcp_win.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcss.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcss.dll
9c80.8984: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000478 (hFile=00000000000005f8) with 0xc0000022 -> STATUS_TRUST_FAILURE
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3de0000 LB 0x000b0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume3\Windows\System32\rpcss.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0A23DE01FB3729AE4266F045E5F688E575998C9
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05142030~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcss.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcss.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'advapi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffb1be10000 LB 0x003f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1be10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcss.dll
9c80.8984: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000005cc (hFile=00000000000005e0) with 0xc0000022 -> STATUS_TRUST_FAILURE
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf3b60000 LB 0x0005e000 C:\Windows\System32\SHLWAPI.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffb58170000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb58170000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf30e0000 'C:\Windows\System32\oleaut32.dll'
9c80.1eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.1eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.1eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.1eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.1eb4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
9c80.1eb4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
9c80.1eb4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.1eb4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.1eb4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.1eb4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.1eb4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
9c80.1eb4: supR3HardenedDllNotificationCallback: load 00007ffb1b690000 LB 0x0057c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
9c80.1eb4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
9c80.1eb4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1b690000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2010000 'C:\Windows\System32\ole32.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf30e0000 'C:\Windows\System32\OLEAUT32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007f4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AD36488966AA7858FEFB09EE4C1DB68C5F52047
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wbemcomn.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000007fc pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=48E4CF81FAA1F76B63306E69DB1B016762CEEDB5
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbe42d0000 LB 0x00080000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbe44d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe44d0000 'C:\Windows\system32\wbem\wbemprox.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000834 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=90D9CA995849F184A9BB705EF47370C35858B12B
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbe3aa0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3aa0000 'C:\Windows\system32\wbem\wbemsvc.dll'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-l1-2-0.dll'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000804 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DC8B991B33B1EAEF6ABE184956A7D591BF63E61B
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'wbemcomn.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbe3ac0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3ac0000 'C:\Windows\system32\wbem\fastprox.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000085c pwszName=\Device\HarddiskVolume3\Windows\System32\amsi.dll
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2ACDC6C91AD00483DCF60BAE07E77D4A30A9EA6
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\amsi.dll'
9c80.8984: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\amsi.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\amsi.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\amsi.dll (Input=amsi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbd14e0000 LB 0x0001d000 C:\Windows\System32\amsi.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\amsi.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd14e0000 'C:\Windows\System32\amsi.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbf0840000 LB 0x00028000 C:\Windows\SYSTEM32\USERENV.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [avoiding WinVerifyTrust]
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
9c80.8984: \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll: Owner is administrators group.
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
9c80.8984: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
9c80.8984: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll) WinVerifyTrust
9c80.8984: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9c80.8984: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9c80.8984: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll
9c80.8984: supR3HardenedDllNotificationCallback: load 00007ffbcf480000 LB 0x000cb000 C:\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll [fFlags=0x0]
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-fibers-l1-1-1'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-synch-l1-2-0'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3010000 'C:\Windows\System32\kernel32.dll'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-string-l1-1-0'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-l1-2-1'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-datetime-l1-1-1'
9c80.8984: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1520000 'api-ms-win-core-localization-obsolete-l1-2-0'
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbcf480000 'C:\Program Files\Bitdefender\Bitdefender Security\bdamsi\dlls_267083866836976369\antimalware_provider64.dll'
9c80.8984: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8984: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8984: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2f50000 'C:\Windows\System32\ADVAPI32.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2010000 'C:\Windows\system32\ole32.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shell32.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
9c80.8ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
9c80.8ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
9c80.8ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
9c80.8ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
9c80.8ae8: supR3HardenedDllNotificationCallback: load 00007ffbf2560000 LB 0x00869000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
9c80.8ae8: supR3HardenedDllNotificationCallback: load 00007ffba16b0000 LB 0x00021000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffba16b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cfc pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA70DD2CC774EF1F0FAB230285C360AB287142D8
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
9c80.8ae8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
9c80.8ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'user32.dll'.
9c80.8ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
9c80.8ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
9c80.8ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
9c80.8ae8: supR3HardenedDllNotificationCallback: load 00007ffbee670000 LB 0x000b1000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbee670000 'C:\Windows\system32\uxtheme.dll'
9c80.8c44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8c44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8c44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8c44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8c44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.8c44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9c80.8c44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
9c80.8c44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.8c44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8c44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8c44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8c44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8c44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
9c80.8c44: supR3HardenedDllNotificationCallback: load 00007ffbd2400000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
9c80.8c44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
9c80.8c44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd2400000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf2560000 'C:\Windows\system32\Shell32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msvcp_win.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbef030000 LB 0x0013f000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbef170000 LB 0x008ff000 C:\Windows\SYSTEM32\windows.storage.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [avoiding WinVerifyTrust]
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbf2e20000 LB 0x000f9000 C:\Windows\System32\SHCORE.dll [fFlags=0x0]
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c98 pwszName=\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000022071f1bc70
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000022071f1bc70
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E00664AAD131505CFEA4FB69BEF260571D07D0D8
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll'
9c80.8b28: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vid.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'devobj.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'cfgmgr32.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vid.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vid.dll' -> '\Device\HarddiskVolume3\Windows\System32\vid.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\vid.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\vid.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WinHvPlatform.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbdc2f0000 LB 0x0003e000 C:\Windows\SYSTEM32\vid.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbf0f50000 LB 0x0004e000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbf0f00000 LB 0x0002c000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffb95fd0000 LB 0x00047000 C:\Windows\system32\WinHvPlatform.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinHvPlatform.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb95fd0000 'C:\Windows\system32\WinHvPlatform.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vid.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\vid.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdc2f0000 'C:\Windows\system32\vid.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTDLL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf3f30000 'C:\Windows\system32\NTDLL.DLL'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vcruntime140.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbf3590000 LB 0x00474000 C:\Windows\System32\SETUPAPI.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffb5e200000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffb1a400000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbefd40000 LB 0x0002d000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffb1ac60000 LB 0x00a2c000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1ac60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1be10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb1a400000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
9c80.52dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.52dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.52dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.52dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
9c80.52dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
9c80.52dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
9c80.52dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.52dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.52dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.52dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.52dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.52dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
9c80.52dc: supR3HardenedDllNotificationCallback: load 00007ffbbec40000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
9c80.52dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
9c80.52dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbbec40000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
9c80.8618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.8618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.8618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.8618: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9c80.8618: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
9c80.8618: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.8618: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.8618: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.8618: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\vcruntime140.dll
9c80.8618: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8618: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
9c80.8618: supR3HardenedDllNotificationCallback: load 00007ffbd2110000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
9c80.8618: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
9c80.8618: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd2110000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
9c80.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vcruntime140.dll'.
9c80.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vcruntime140_1.dll'.
9c80.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp140.dll'.
9c80.41bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
9c80.41bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
9c80.41bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp140.dll'...
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp140.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp140.dll' [rcNtRedir=0xc0150008]
9c80.41bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp140.dll
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140_1.dll'...
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140_1.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140_1.dll' [rcNtRedir=0xc0150008]
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vcruntime140.dll'...
9c80.41bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vcruntime140.dll' -> '\Device\HarddiskVolume3\Windows\System32\vcruntime140.dll' [rcNtRedir=0xc0150008]
9c80.41bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.41bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
9c80.41bc: supR3HardenedDllNotificationCallback: load 00007ffbce9e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
9c80.41bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
9c80.41bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbce9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8b28: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.8b28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
9c80.8b28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.8b28: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.8b28: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
9c80.8b28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
9c80.8b28: supR3HardenedDllNotificationCallback: load 00007ffbe1ba0000 LB 0x0009e000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1ba0000 'C:\Windows\System32\MMDevApi.dll'
9c80.8b28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8b28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1ba0000 'C:\Windows\System32\MMDEVAPI.DLL'
9c80.7d1c: supR3HardenedDllNotificationCallback: load 00007ffbf32b0000 LB 0x00160000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
9c80.7d1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.7d1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
9c80.7d1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
84dc.7e2c: \SystemRoot\System32\ntdll.dll:
84dc.7e2c: CreationTime: 2024-10-12T16:13:13.337096100Z
84dc.7e2c: LastWriteTime: 2024-10-12T16:13:13.368170000Z
84dc.7e2c: ChangeTime: 2024-10-15T19:50:08.320152600Z
84dc.7e2c: FileAttributes: 0x20
84dc.7e2c: Size: 0x216090
84dc.7e2c: NT Headers: 0xe8
84dc.7e2c: Timestamp: 0xf9f266e7
84dc.7e2c: Machine: 0x8664 - amd64
84dc.7e2c: Timestamp: 0xf9f266e7
84dc.7e2c: Image Version: 10.0
84dc.7e2c: SizeOfImage: 0x217000 (2191360)
84dc.7e2c: Resource Dir: 0x1a0000 LB 0x759a8
84dc.7e2c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
84dc.7e2c: [Raw version resource data: 0x1a00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
84dc.7e2c: ProductName: Microsoft® Windows® Operating System
84dc.7e2c: ProductVersion: 10.0.22621.4317
84dc.7e2c: FileVersion: 10.0.22621.4317 (WinBuild.160101.0800)
84dc.7e2c: FileDescription: NT Layer DLL
84dc.7e2c: \SystemRoot\System32\kernel32.dll:
84dc.7e2c: CreationTime: 2024-08-18T11:45:46.245614200Z
84dc.7e2c: LastWriteTime: 2024-08-18T11:45:46.259376700Z
84dc.7e2c: ChangeTime: 2024-10-12T16:14:17.580433400Z
84dc.7e2c: FileAttributes: 0x20
84dc.7e2c: Size: 0xc7168
84dc.7e2c: NT Headers: 0xe8
84dc.7e2c: Timestamp: 0xa9f358b9
84dc.7e2c: Machine: 0x8664 - amd64
84dc.7e2c: Timestamp: 0xa9f358b9
84dc.7e2c: Image Version: 10.0
84dc.7e2c: SizeOfImage: 0xc4000 (802816)
84dc.7e2c: Resource Dir: 0xc2000 LB 0x520
84dc.7e2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
84dc.7e2c: [Raw version resource data: 0xc20b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
84dc.7e2c: ProductName: Microsoft® Windows® Operating System
84dc.7e2c: ProductVersion: 10.0.22621.3958
84dc.7e2c: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
84dc.7e2c: FileDescription: Windows NT BASE API Client DLL
84dc.7e2c: \SystemRoot\System32\KernelBase.dll:
84dc.7e2c: CreationTime: 2024-10-12T16:13:13.874348200Z
84dc.7e2c: LastWriteTime: 2024-10-12T16:13:13.976987600Z
84dc.7e2c: ChangeTime: 2024-10-15T19:50:07.879884900Z
84dc.7e2c: FileAttributes: 0x20
84dc.7e2c: Size: 0x3bdba0
84dc.7e2c: NT Headers: 0xf8
84dc.7e2c: Timestamp: 0xcf64c6a
84dc.7e2c: Machine: 0x8664 - amd64
84dc.7e2c: Timestamp: 0xcf64c6a
84dc.7e2c: Image Version: 10.0
84dc.7e2c: SizeOfImage: 0x3b7000 (3895296)
84dc.7e2c: Resource Dir: 0x386000 LB 0x548
84dc.7e2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
84dc.7e2c: [Raw version resource data: 0x3860b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
84dc.7e2c: ProductName: Microsoft® Windows® Operating System
84dc.7e2c: ProductVersion: 10.0.22621.4249
84dc.7e2c: FileVersion: 10.0.22621.4249 (WinBuild.160101.0800)
84dc.7e2c: FileDescription: Windows NT BASE API Client DLL
84dc.7e2c: \SystemRoot\System32\apisetschema.dll:
84dc.7e2c: CreationTime: 2024-08-18T11:45:33.363168100Z
84dc.7e2c: LastWriteTime: 2024-08-18T11:45:33.366168300Z
84dc.7e2c: ChangeTime: 2024-10-12T16:14:17.396998700Z
84dc.7e2c: FileAttributes: 0x20
84dc.7e2c: Size: 0x245e0
84dc.7e2c: NT Headers: 0xc8
84dc.7e2c: Timestamp: 0x8f476251
84dc.7e2c: Machine: 0x8664 - amd64
84dc.7e2c: Timestamp: 0x8f476251
84dc.7e2c: Image Version: 10.0
84dc.7e2c: SizeOfImage: 0x23000 (143360)
84dc.7e2c: Resource Dir: 0x22000 LB 0x408
84dc.7e2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
84dc.7e2c: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
84dc.7e2c: ProductName: Microsoft® Windows® Operating System
84dc.7e2c: ProductVersion: 10.0.22621.3958
84dc.7e2c: FileVersion: 10.0.22621.3958 (WinBuild.160101.0800)
84dc.7e2c: FileDescription: ApiSet Schema DLL
84dc.7e2c: supR3HardenedWinFindAdversaries: 0x0
84dc.7e2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
84dc.7e2c: Calling main()
84dc.7e2c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
84dc.7e2c: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
84dc.7e2c: System32: \Device\HarddiskVolume3\Windows\System32
84dc.7e2c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
84dc.7e2c: KnownDllPath: C:\Windows\System32
84dc.7e2c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
84dc.7e2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
84dc.7e2c: supR3HardNtEnableThreadCreationEx:
84dc.7e2c: bcrypt.dll loaded at 00007ffbf1400000, BCryptOpenAlgorithmProvider at 00007ffbf1404520, preloading providers:
84dc.7e2c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000001f11eb5b000)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000001f11eb63870)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000001f11eb63bc0)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000001f11eb63f10)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000001f11eb64260)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000001f11eb645b0)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000001f11eb64900)
84dc.7e2c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000001f11eb64c50)
84dc.7e2c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
84dc.7e2c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000001f11eba4330
84dc.7e2c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000001f11eba4330
84dc.7e2c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E45681AAA4DF35F95CF4CDCC7434AD683E6F09E9
84dc.7e2c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051420~31bf3856ad364e35~amd64~~10.0.22621.4317.cat'; file='\SystemRoot\System32\ntdll.dll'
84dc.7e2c: g_pfnWinVerifyTrust=00007ffbf1c024c0
84dc.7e2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) WinVerifyTrust
84dc.7e2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
84dc.7e2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84dc.7e2c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
84dc.7e2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) WinVerifyTrust
84dc.7e2c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x90db3c55e94ed6ab CN=Bitdefender Personal CA.Net-Defender, OU=IDS, O=Bitdefender, C=US
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x62e562aabc48cf00 C=DE, Email=info@win-unattended.de, CN=Win-Unattended
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cffd65c5161f300 C=US, ST=California, L=Irvine, O=Blizzard Entertainment, OU=Battle.net, CN=Blizzard Battle.net Local Cert
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb58b8802a8fec00 CN=DESKTOP-OP1A
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x670683072a91b300 C=US, O=Microsoft Corporation, CN=Microsoft Identity Verification Root Certificate Authority 2020
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x80d5e6f878f9bd00 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x2404221294e78d00 C=GB, O=Sectigo Limited, CN=Sectigo Public Code Signing Root R46
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x96cb178d285f9e36 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf966ca73e8079500 OU=GlobalSign Root CA - R6, O=GlobalSign, CN=GlobalSign
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x298c3394be5bca00 C=US, O=Microsoft Corporation, CN=Microsoft RSA Root Certificate Authority 2017
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x362d8807333b600 C=US, O=DigiCert, Inc., CN=DigiCert CS RSA4096 Root G5
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x7b3081c535b843ae C=US, O=Google Trust Services LLC, CN=GTS Root R4
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
84dc.7e2c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
84dc.7e2c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=74
84dc.7e2c: SUPR3HardenedMain: Load Runtime...
84dc.7e2c: SUPR3HardenedMain: Load TrustedMain...
84dc.7e2c: SUPR3HardenedMain: Calling TrustedMain (00007ffb249a19a0)...
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9c80.9748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\System32\WINTRUST.DLL'
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\CRYPT32.dll'
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9748: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
9c80.9748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mswsock.dll) WinVerifyTrust
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mswsock.dll
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.9748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
9c80.9748: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
9c80.9748: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
9c80.9748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.9748: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbf07a0000 LB 0x00069000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf07a0000 'C:\Windows\system32\mswsock.dll'
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mswsock.dll
9c80.9748: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.9748: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf07a0000 'C:\Windows\system32\mswsock.dll'
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbefd70000 LB 0x00102000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [avoiding WinVerifyTrust]
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbf3b50000 LB 0x00009000 C:\Windows\System32\NSI.dll [fFlags=0x0]
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
9c80.9748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbed630000 LB 0x00019000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
9c80.9748: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbed610000 LB 0x0001f000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
9c80.9748: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
9c80.9748: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
9c80.9748: supR3HardenedDllNotificationCallback: load 00007ffbee930000 LB 0x0000d000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
9c80.9748: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9c80.9730: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\System32\WINTRUST.DLL'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\CRYPT32.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.9730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
9c80.9730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
9c80.9730: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
9c80.9730: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
9c80.9730: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
9c80.9730: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.9730: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
9c80.9730: supR3HardenedDllNotificationCallback: load 00007ffbd3070000 LB 0x001ed000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
9c80.9730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
9c80.9730: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbd3070000 'C:\Windows\System32\AUDIOSES.DLL'
9c80.9730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.9730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
9c80.9730: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll)
9c80.9730: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll
9c80.9730: supR3HardenedDllNotificationCallback: load 00007ffbeec20000 LB 0x00015000 C:\Windows\SYSTEM32\resourcepolicyclient.dll [fFlags=0x0]
9c80.9730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll [avoiding WinVerifyTrust]
9c80.9730: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
9c80.9730: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
9c80.9730: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
9c80.9730: supR3HardenedDllNotificationCallback: load 00007ffbf00b0000 LB 0x0004d000 C:\Windows\SYSTEM32\powrprof.dll [fFlags=0x0]
9c80.9730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll [avoiding WinVerifyTrust]
9c80.9730: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\umpdc.dll)
9c80.9730: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\umpdc.dll
9c80.9730: supR3HardenedDllNotificationCallback: load 00007ffbf0090000 LB 0x00013000 C:\Windows\SYSTEM32\UMPDC.dll [fFlags=0x0]
9c80.9730: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\umpdc.dll [avoiding WinVerifyTrust]
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9c80.8ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1bf0000 'C:\Windows\System32\WINTRUST.DLL'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\CRYPT32.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\umpdc.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf02c0000 'C:\Windows\system32\rsaenh.dll'
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1a80000 'C:\Windows\System32\crypt32.dll'
9c80.8ae8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ResourcePolicyClient.dll'
9c80.8ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\User32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
9c80.8ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbf1e50000 'C:\Windows\system32\User32.dll'
9c80.5538: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9c80.5538: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\edputil.dll)
9c80.5538: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\edputil.dll
9c80.5538: supR3HardenedDllNotificationCallback: load 00007ffbbf780000 LB 0x00028000 C:\Windows\SYSTEM32\edputil.dll [fFlags=0x0]
9c80.5538: supR3HardenedScreenImage/LdrLoadDll: cache hit (22900) on \Device\HarddiskVolume3\Windows\System32\edputil.dll [avoiding WinVerifyTrust]
9c80.41bc: supR3HardenedDllNotificationCallback: Unload 00007ffbce9e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
9c80.8618: supR3HardenedDllNotificationCallback: Unload 00007ffbd2110000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
9c80.52dc: supR3HardenedDllNotificationCallback: Unload 00007ffbbec40000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
9c80.8c44: supR3HardenedDllNotificationCallback: Unload 00007ffbd2400000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
9c80.8ae8: supR3HardenedDllNotificationCallback: Unload 00007ffba16b0000 LB 0x00021000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
9c80.8b28: supR3HardenedDllNotificationCallback: Unload 00007ffb1ac60000 LB 0x00a2c000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
9c80.8b28: supR3HardenedDllNotificationCallback: Unload 00007ffb5e200000 LB 0x00071000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
9c80.8b28: supR3HardenedDllNotificationCallback: Unload 00007ffb1a400000 LB 0x0085d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
9c80.8b28: supR3HardenedDllNotificationCallback: Unload 00007ffbf3590000 LB 0x00474000 C:\Windows\System32\SETUPAPI.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffb1b690000 LB 0x0057c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffb58170000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffbe3aa0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffbe44d0000 LB 0x00010000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffb1be10000 LB 0x003f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffbe3ac0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
9c80.8984: supR3HardenedDllNotificationCallback: Unload 00007ffbe42d0000 LB 0x00080000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
9c80.8984: Terminating the normal way: rcExit=0
935c.98b0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2619221 ms, the end);
7758.3dfc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2620127 ms, the end);
84dc.7e2c: Terminating the normal way: rcExit=0
Reference in New Issue View Git Blame Copy Permalink