Ticket #17837: VBoxHardening.log

12ac.890: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00
12ac.890: \SystemRoot\System32\ntdll.dll:
12ac.890:     CreationTime:    2018-06-13T00:04:48.619830200Z
12ac.890:     LastWriteTime:   2018-06-08T09:29:38.672295100Z
12ac.890:     ChangeTime:      2018-06-13T12:36:30.318409700Z
12ac.890:     FileAttributes:  0x20
12ac.890:     Size:            0x1db2d8
12ac.890:     NT Headers:      0xe8
12ac.890:     Timestamp:       0x6529f37c
12ac.890:     Machine:         0x8664 - amd64
12ac.890:     Timestamp:       0x6529f37c
12ac.890:     Image Version:   10.0
12ac.890:     SizeOfImage:     0x1e1000 (1970176)
12ac.890:     Resource Dir:    0x174000 LB 0x6b338
12ac.890:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
12ac.890:     [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
12ac.890:     ProductName:     Microsoft® Windows® Operating System
12ac.890:     ProductVersion:  10.0.17134.112
12ac.890:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
12ac.890:     FileDescription: NT Layer DLL
12ac.890: \SystemRoot\System32\kernel32.dll:
12ac.890:     CreationTime:    2018-04-11T23:34:33.430805800Z
12ac.890:     LastWriteTime:   2018-04-11T23:34:33.430805800Z
12ac.890:     ChangeTime:      2018-05-16T03:28:28.576163900Z
12ac.890:     FileAttributes:  0x20
12ac.890:     Size:            0xafef8
12ac.890:     NT Headers:      0xe8
12ac.890:     Timestamp:       0x5f488a51
12ac.890:     Machine:         0x8664 - amd64
12ac.890:     Timestamp:       0x5f488a51
12ac.890:     Image Version:   10.0
12ac.890:     SizeOfImage:     0xb2000 (729088)
12ac.890:     Resource Dir:    0xb0000 LB 0x520
12ac.890:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
12ac.890:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
12ac.890:     ProductName:     Microsoft® Windows® Operating System
12ac.890:     ProductVersion:  10.0.17134.1
12ac.890:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
12ac.890:     FileDescription: Windows NT BASE API Client DLL
12ac.890: \SystemRoot\System32\KernelBase.dll:
12ac.890:     CreationTime:    2018-06-13T00:05:08.838861900Z
12ac.890:     LastWriteTime:   2018-06-08T09:29:25.975552800Z
12ac.890:     ChangeTime:      2018-06-13T12:36:29.907759300Z
12ac.890:     FileAttributes:  0x20
12ac.890:     Size:            0x2739d8
12ac.890:     NT Headers:      0xf8
12ac.890:     Timestamp:       0xf2b2cb6c
12ac.890:     Machine:         0x8664 - amd64
12ac.890:     Timestamp:       0xf2b2cb6c
12ac.890:     Image Version:   10.0
12ac.890:     SizeOfImage:     0x273000 (2568192)
12ac.890:     Resource Dir:    0x251000 LB 0x548
12ac.890:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
12ac.890:     [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
12ac.890:     ProductName:     Microsoft® Windows® Operating System
12ac.890:     ProductVersion:  10.0.17134.112
12ac.890:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
12ac.890:     FileDescription: Windows NT BASE API Client DLL
12ac.890: \SystemRoot\System32\apisetschema.dll:
12ac.890:     CreationTime:    2018-04-11T23:34:37.197833800Z
12ac.890:     LastWriteTime:   2018-04-11T23:34:37.197833800Z
12ac.890:     ChangeTime:      2018-05-16T04:20:54.698218700Z
12ac.890:     FileAttributes:  0x20
12ac.890:     Size:            0x1bd98
12ac.890:     NT Headers:      0xd0
12ac.890:     Timestamp:       0xd02ff418
12ac.890:     Machine:         0x8664 - amd64
12ac.890:     Timestamp:       0xd02ff418
12ac.890:     Image Version:   10.0
12ac.890:     SizeOfImage:     0x1c000 (114688)
12ac.890:     Resource Dir:    0x1b000 LB 0x408
12ac.890:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
12ac.890:     [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
12ac.890:     ProductName:     Microsoft® Windows® Operating System
12ac.890:     ProductVersion:  10.0.17134.1
12ac.890:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
12ac.890:     FileDescription: ApiSet Schema DLL
12ac.890: NtOpenDirectoryObject failed on \Driver: 0xc0000022
12ac.890: supR3HardenedWinFindAdversaries: 0x0
12ac.890: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
12ac.890: Calling main()
12ac.890: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
12ac.890: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
12ac.890: SUPR3HardenedMain: Respawn #1
12ac.890: System32:  \Device\HarddiskVolume2\Windows\System32
12ac.890: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
12ac.890: KnownDllPath: C:\Windows\System32
12ac.890: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12ac.890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
12ac.890: supR3HardNtEnableThreadCreation:
12ac.890: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3b6b2fc0 pvNtTerminateThread=00007ffc3b6da900
12ac.890: supR3HardenedWinDoReSpawn(1): New child 70.13c8 [kernel32].
12ac.890: supR3HardNtChildGatherData: PebBaseAddress=0000000000332000 cbPeb=0x388
12ac.890: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc3b640000 uNtDllChildAddr=00007ffc3b640000
12ac.890: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc3b6b2fc0
12ac.890: supR3HardenedWinSetupChildInit: Start child.
12ac.890: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
12ac.890: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
12ac.890: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12ac.890:  *0000000000000000-00000000000dffff 0x0001/0x0000 0x0000000
12ac.890:  *00000000000e0000-00000000000fffff 0x0004/0x0004 0x0020000
12ac.890:  *0000000000100000-0000000000118fff 0x0002/0x0002 0x0040000
12ac.890:   0000000000119000-000000000011ffff 0x0001/0x0000 0x0000000
12ac.890:  *0000000000120000-0000000000123fff 0x0002/0x0002 0x0040000
12ac.890:   0000000000124000-000000000012ffff 0x0001/0x0000 0x0000000
12ac.890:  *0000000000130000-0000000000130fff 0x0004/0x0004 0x0020000
12ac.890:   0000000000131000-00000000001fffff 0x0001/0x0000 0x0000000
12ac.890:  *0000000000200000-0000000000331fff 0x0000/0x0004 0x0020000
12ac.890:   0000000000332000-0000000000334fff 0x0004/0x0004 0x0020000
12ac.890:   0000000000335000-00000000003fffff 0x0000/0x0004 0x0020000
12ac.890:  *0000000000400000-00000000004fafff 0x0000/0x0004 0x0020000
12ac.890:   00000000004fb000-00000000004fdfff 0x0104/0x0004 0x0020000
12ac.890:   00000000004fe000-00000000004fffff 0x0004/0x0004 0x0020000
12ac.890:   0000000000500000-000000007ffdffff 0x0001/0x0000 0x0000000
12ac.890:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
12ac.890:   000000007ffe1000-00007ff5b307ffff 0x0001/0x0000 0x0000000
12ac.890:  *00007ff5b3080000-00007ff5b30a2fff 0x0002/0x0002 0x0040000
12ac.890:   00007ff5b30a3000-00007ff6c35affff 0x0001/0x0000 0x0000000
12ac.890:  *00007ff6c35b0000-00007ff6c35b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c35b1000-00007ff6c3621fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3622000-00007ff6c3622fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3623000-00007ff6c3668fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3669000-00007ff6c3669fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c366a000-00007ff6c366afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c366b000-00007ff6c366ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3670000-00007ff6c3670fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3671000-00007ff6c3671fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3672000-00007ff6c3675fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c3676000-00007ff6c36bdfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12ac.890:   00007ff6c36be000-00007ffc3b63ffff 0x0001/0x0000 0x0000000
12ac.890:  *00007ffc3b640000-00007ffc3b640fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b641000-00007ffc3b74ffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b750000-00007ffc3b795fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b796000-00007ffc3b7a0fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b7a1000-00007ffc3b7aefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b7af000-00007ffc3b7affff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b7b0000-00007ffc3b7b2fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b7b3000-00007ffc3b820fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12ac.890:   00007ffc3b821000-00007ffffffeffff 0x0001/0x0000 0x0000000
12ac.890: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
12ac.890: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12ac.890: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
12ac.890: supR3HardNtChildPurify: Done after 344 ms and 0 fixes (loop #0).
70.13c8: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
70.13c8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc3b640000 g_uNtVerCombined=0xa042ee00
70.13c8: ntdll.dll: timestamp 0x6529f37c (rc=VINF_SUCCESS)
70.13c8: New simple heap: #1 0000000000600000 LB 0x400000 (for 1970176 allocation)
12ac.890: supR3HardNtEnableThreadCreation:
70.13c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
70.13c8: System32:  \Device\HarddiskVolume2\Windows\System32
70.13c8: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
70.13c8: KnownDllPath: C:\Windows\System32
70.13c8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
70.13c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
70.13c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
70.13c8: Registered Dll notification callback with NTDLL.
70.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
70.13c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
70.13c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
70.13c8: supR3HardenedDllNotificationCallback: load   00007ffc385c0000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
70.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
70.13c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
70.13c8: supR3HardenedDllNotificationCallback: load   00007ffc38ea0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
70.13c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
70.13c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ea0000 'C:\Windows\System32\KERNEL32.DLL'
70.13c8: supR3HardenedDllNotificationCallback: load   00007ff6c35b0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
70.13c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
70.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
70.13c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3b6b2fc0 pvNtTerminateThread=00007ffc3b6da900
12ac.890: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 141 ms.
70.13c8: \SystemRoot\System32\ntdll.dll:
70.13c8:     CreationTime:    2018-06-13T00:04:48.619830200Z
70.13c8:     LastWriteTime:   2018-06-08T09:29:38.672295100Z
70.13c8:     ChangeTime:      2018-06-13T12:36:30.318409700Z
70.13c8:     FileAttributes:  0x20
70.13c8:     Size:            0x1db2d8
70.13c8:     NT Headers:      0xe8
70.13c8:     Timestamp:       0x6529f37c
70.13c8:     Machine:         0x8664 - amd64
70.13c8:     Timestamp:       0x6529f37c
70.13c8:     Image Version:   10.0
70.13c8:     SizeOfImage:     0x1e1000 (1970176)
70.13c8:     Resource Dir:    0x174000 LB 0x6b338
70.13c8:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
70.13c8:     [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
70.13c8:     ProductName:     Microsoft® Windows® Operating System
70.13c8:     ProductVersion:  10.0.17134.112
70.13c8:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
70.13c8:     FileDescription: NT Layer DLL
70.13c8: \SystemRoot\System32\kernel32.dll:
70.13c8:     CreationTime:    2018-04-11T23:34:33.430805800Z
70.13c8:     LastWriteTime:   2018-04-11T23:34:33.430805800Z
70.13c8:     ChangeTime:      2018-05-16T03:28:28.576163900Z
70.13c8:     FileAttributes:  0x20
70.13c8:     Size:            0xafef8
70.13c8:     NT Headers:      0xe8
70.13c8:     Timestamp:       0x5f488a51
70.13c8:     Machine:         0x8664 - amd64
70.13c8:     Timestamp:       0x5f488a51
70.13c8:     Image Version:   10.0
70.13c8:     SizeOfImage:     0xb2000 (729088)
70.13c8:     Resource Dir:    0xb0000 LB 0x520
70.13c8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
70.13c8:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
70.13c8:     ProductName:     Microsoft® Windows® Operating System
70.13c8:     ProductVersion:  10.0.17134.1
70.13c8:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
70.13c8:     FileDescription: Windows NT BASE API Client DLL
70.13c8: \SystemRoot\System32\KernelBase.dll:
70.13c8:     CreationTime:    2018-06-13T00:05:08.838861900Z
70.13c8:     LastWriteTime:   2018-06-08T09:29:25.975552800Z
70.13c8:     ChangeTime:      2018-06-13T12:36:29.907759300Z
70.13c8:     FileAttributes:  0x20
70.13c8:     Size:            0x2739d8
70.13c8:     NT Headers:      0xf8
70.13c8:     Timestamp:       0xf2b2cb6c
70.13c8:     Machine:         0x8664 - amd64
70.13c8:     Timestamp:       0xf2b2cb6c
70.13c8:     Image Version:   10.0
70.13c8:     SizeOfImage:     0x273000 (2568192)
70.13c8:     Resource Dir:    0x251000 LB 0x548
70.13c8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
70.13c8:     [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
70.13c8:     ProductName:     Microsoft® Windows® Operating System
70.13c8:     ProductVersion:  10.0.17134.112
70.13c8:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
70.13c8:     FileDescription: Windows NT BASE API Client DLL
70.13c8: \SystemRoot\System32\apisetschema.dll:
70.13c8:     CreationTime:    2018-04-11T23:34:37.197833800Z
70.13c8:     LastWriteTime:   2018-04-11T23:34:37.197833800Z
70.13c8:     ChangeTime:      2018-05-16T04:20:54.698218700Z
70.13c8:     FileAttributes:  0x20
70.13c8:     Size:            0x1bd98
70.13c8:     NT Headers:      0xd0
70.13c8:     Timestamp:       0xd02ff418
70.13c8:     Machine:         0x8664 - amd64
70.13c8:     Timestamp:       0xd02ff418
70.13c8:     Image Version:   10.0
70.13c8:     SizeOfImage:     0x1c000 (114688)
70.13c8:     Resource Dir:    0x1b000 LB 0x408
70.13c8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
70.13c8:     [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
70.13c8:     ProductName:     Microsoft® Windows® Operating System
70.13c8:     ProductVersion:  10.0.17134.1
70.13c8:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
70.13c8:     FileDescription: ApiSet Schema DLL
70.13c8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
70.13c8: supR3HardenedWinFindAdversaries: 0x0
70.13c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
70.13c8: Calling main()
70.13c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
70.13c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
70.13c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
70.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
70.13c8: SUPR3HardenedMain: Respawn #2
70.13c8: supR3HardNtEnableThreadCreation:
70.13c8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
70.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
70.13c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
70.13c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b640000 'C:\Windows\System32\ntdll.dll'
70.13c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3b6b2fc0 pvNtTerminateThread=00007ffc3b6da900
70.13c8: supR3HardenedWinDoReSpawn(2): New child 1c3c.1868 [kernel32].
70.13c8: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
70.13c8: supR3HardNtChildGatherData: PebBaseAddress=000000000088b000 cbPeb=0x388
70.13c8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc3b640000 uNtDllChildAddr=00007ffc3b640000
70.13c8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc3b6b2fc0
70.13c8: supR3HardenedWinSetupChildInit: Start child.
70.13c8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
70.13c8: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 16 sleeps
70.13c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
70.13c8:  *0000000000000000-00000000006affff 0x0001/0x0000 0x0000000
70.13c8:  *00000000006b0000-00000000006cffff 0x0004/0x0004 0x0020000
70.13c8:  *00000000006d0000-00000000006e8fff 0x0002/0x0002 0x0040000
70.13c8:   00000000006e9000-00000000006effff 0x0001/0x0000 0x0000000
70.13c8:  *00000000006f0000-00000000007eafff 0x0000/0x0004 0x0020000
70.13c8:   00000000007eb000-00000000007edfff 0x0104/0x0004 0x0020000
70.13c8:   00000000007ee000-00000000007effff 0x0004/0x0004 0x0020000
70.13c8:  *00000000007f0000-00000000007f3fff 0x0002/0x0002 0x0040000
70.13c8:   00000000007f4000-00000000007fffff 0x0001/0x0000 0x0000000
70.13c8:  *0000000000800000-000000000088afff 0x0000/0x0004 0x0020000
70.13c8:   000000000088b000-000000000088dfff 0x0004/0x0004 0x0020000
70.13c8:   000000000088e000-00000000009fffff 0x0000/0x0004 0x0020000
70.13c8:  *0000000000a00000-0000000000a00fff 0x0004/0x0004 0x0020000
70.13c8:   0000000000a01000-000000007ffdffff 0x0001/0x0000 0x0000000
70.13c8:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
70.13c8:   000000007ffe1000-00007ff5fb81ffff 0x0001/0x0000 0x0000000
70.13c8:  *00007ff5fb820000-00007ff5fb842fff 0x0002/0x0002 0x0040000
70.13c8:   00007ff5fb843000-00007ff6c35affff 0x0001/0x0000 0x0000000
70.13c8:  *00007ff6c35b0000-00007ff6c35b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c35b1000-00007ff6c3621fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3622000-00007ff6c3622fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3623000-00007ff6c3668fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3669000-00007ff6c3669fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c366a000-00007ff6c366afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c366b000-00007ff6c366ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3670000-00007ff6c3670fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3671000-00007ff6c3671fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3672000-00007ff6c3675fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c3676000-00007ff6c36bdfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
70.13c8:   00007ff6c36be000-00007ffc3b63ffff 0x0001/0x0000 0x0000000
70.13c8:  *00007ffc3b640000-00007ffc3b640fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b641000-00007ffc3b74ffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b750000-00007ffc3b795fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b796000-00007ffc3b7a0fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b7a1000-00007ffc3b7aefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b7af000-00007ffc3b7affff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b7b0000-00007ffc3b7b2fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b7b3000-00007ffc3b820fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
70.13c8:   00007ffc3b821000-00007ffffffeffff 0x0001/0x0000 0x0000000
70.13c8: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
70.13c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
70.13c8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
70.13c8: supR3HardNtChildPurify: Done after 328 ms and 0 fixes (loop #0).
1c3c.1868: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
1c3c.1868: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc3b640000 g_uNtVerCombined=0xa042ee00
1c3c.1868: ntdll.dll: timestamp 0x6529f37c (rc=VINF_SUCCESS)
1c3c.1868: New simple heap: #1 0000000000b10000 LB 0x400000 (for 1970176 allocation)
70.13c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000600000 LB 0x400000)
70.13c8: supR3HardNtEnableThreadCreation:
1c3c.1868: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1c3c.1868: System32:  \Device\HarddiskVolume2\Windows\System32
1c3c.1868: WinSxS:    \Device\HarddiskVolume2\Windows\WinSxS
1c3c.1868: KnownDllPath: C:\Windows\System32
1c3c.1868: supR3HardenedVmProcessInit: Opening vboxdrv...
1c3c.1868: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1c3c.1868: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1c3c.1868: Registered Dll notification callback with NTDLL.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc385c0000 LB 0x00273000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38ea0000 LB 0x000b2000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ea0000 'C:\Windows\System32\KERNEL32.DLL'
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ff6c35b0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1c3c.1868: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1c3c.1868: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc3b6b2fc0 pvNtTerminateThread=00007ffc3b6da900
70.13c8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 219 ms.
1c3c.1868: \SystemRoot\System32\ntdll.dll:
1c3c.1868:     CreationTime:    2018-06-13T00:04:48.619830200Z
1c3c.1868:     LastWriteTime:   2018-06-08T09:29:38.672295100Z
1c3c.1868:     ChangeTime:      2018-06-13T12:36:30.318409700Z
1c3c.1868:     FileAttributes:  0x20
1c3c.1868:     Size:            0x1db2d8
1c3c.1868:     NT Headers:      0xe8
1c3c.1868:     Timestamp:       0x6529f37c
1c3c.1868:     Machine:         0x8664 - amd64
1c3c.1868:     Timestamp:       0x6529f37c
1c3c.1868:     Image Version:   10.0
1c3c.1868:     SizeOfImage:     0x1e1000 (1970176)
1c3c.1868:     Resource Dir:    0x174000 LB 0x6b338
1c3c.1868:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c3c.1868:     [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1c3c.1868:     ProductName:     Microsoft® Windows® Operating System
1c3c.1868:     ProductVersion:  10.0.17134.112
1c3c.1868:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
1c3c.1868:     FileDescription: NT Layer DLL
1c3c.1868: \SystemRoot\System32\kernel32.dll:
1c3c.1868:     CreationTime:    2018-04-11T23:34:33.430805800Z
1c3c.1868:     LastWriteTime:   2018-04-11T23:34:33.430805800Z
1c3c.1868:     ChangeTime:      2018-05-16T03:28:28.576163900Z
1c3c.1868:     FileAttributes:  0x20
1c3c.1868:     Size:            0xafef8
1c3c.1868:     NT Headers:      0xe8
1c3c.1868:     Timestamp:       0x5f488a51
1c3c.1868:     Machine:         0x8664 - amd64
1c3c.1868:     Timestamp:       0x5f488a51
1c3c.1868:     Image Version:   10.0
1c3c.1868:     SizeOfImage:     0xb2000 (729088)
1c3c.1868:     Resource Dir:    0xb0000 LB 0x520
1c3c.1868:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c3c.1868:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1c3c.1868:     ProductName:     Microsoft® Windows® Operating System
1c3c.1868:     ProductVersion:  10.0.17134.1
1c3c.1868:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
1c3c.1868:     FileDescription: Windows NT BASE API Client DLL
1c3c.1868: \SystemRoot\System32\KernelBase.dll:
1c3c.1868:     CreationTime:    2018-06-13T00:05:08.838861900Z
1c3c.1868:     LastWriteTime:   2018-06-08T09:29:25.975552800Z
1c3c.1868:     ChangeTime:      2018-06-13T12:36:29.907759300Z
1c3c.1868:     FileAttributes:  0x20
1c3c.1868:     Size:            0x2739d8
1c3c.1868:     NT Headers:      0xf8
1c3c.1868:     Timestamp:       0xf2b2cb6c
1c3c.1868:     Machine:         0x8664 - amd64
1c3c.1868:     Timestamp:       0xf2b2cb6c
1c3c.1868:     Image Version:   10.0
1c3c.1868:     SizeOfImage:     0x273000 (2568192)
1c3c.1868:     Resource Dir:    0x251000 LB 0x548
1c3c.1868:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c3c.1868:     [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1c3c.1868:     ProductName:     Microsoft® Windows® Operating System
1c3c.1868:     ProductVersion:  10.0.17134.112
1c3c.1868:     FileVersion:     10.0.17134.112 (WinBuild.160101.0800)
1c3c.1868:     FileDescription: Windows NT BASE API Client DLL
1c3c.1868: \SystemRoot\System32\apisetschema.dll:
1c3c.1868:     CreationTime:    2018-04-11T23:34:37.197833800Z
1c3c.1868:     LastWriteTime:   2018-04-11T23:34:37.197833800Z
1c3c.1868:     ChangeTime:      2018-05-16T04:20:54.698218700Z
1c3c.1868:     FileAttributes:  0x20
1c3c.1868:     Size:            0x1bd98
1c3c.1868:     NT Headers:      0xd0
1c3c.1868:     Timestamp:       0xd02ff418
1c3c.1868:     Machine:         0x8664 - amd64
1c3c.1868:     Timestamp:       0xd02ff418
1c3c.1868:     Image Version:   10.0
1c3c.1868:     SizeOfImage:     0x1c000 (114688)
1c3c.1868:     Resource Dir:    0x1b000 LB 0x408
1c3c.1868:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c3c.1868:     [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1c3c.1868:     ProductName:     Microsoft® Windows® Operating System
1c3c.1868:     ProductVersion:  10.0.17134.1
1c3c.1868:     FileVersion:     10.0.17134.1 (WinBuild.160101.0800)
1c3c.1868:     FileDescription: ApiSet Schema DLL
1c3c.1868: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1c3c.1868: supR3HardenedWinFindAdversaries: 0x0
1c3c.1868: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1c3c.1868: Calling main()
1c3c.1868: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1c3c.1868: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1c3c.1868: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1c3c.1868: SUPR3HardenedMain: Final process, opening VBoxDrv...
1c3c.1868: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000b10000 LB 0x400000)
1c3c.1868: supR3HardNtEnableThreadCreation:
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc20ff0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc20ff0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38c50000 LB 0x0009e000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37960000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37a10000 LB 0x000fa000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc382a0000 LB 0x001e2000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38d70000 LB 0x00124000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc39290000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3b3d0000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38240000 LB 0x00057000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-synch-l1-2-0'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-fibers-l1-1-1'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-fibers-l1-1-1'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-synch-l1-2-0'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-localization-l1-2-1'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38240000 'C:\Windows\system32\Wintrust.dll'
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc374b0000 LB 0x00025000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc374b0000 'C:\Windows\system32\bcrypt.dll'
1c3c.1868: bcrypt.dll loaded at 00007ffc374b0000, BCryptOpenAlgorithmProvider at 00007ffc374b2770, preloading providers:
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38490000 LB 0x0007a000 C:\Windows\System32\bcryptprimitives.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38490000 'C:\Windows\system32\bcryptprimitives.dll'
1c3c.1868:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000f64f00)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000f6eee0)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000f6f9c0)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000f6fc90)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000f6ff60)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000f70230)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000f70500)
1c3c.1868:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000f707d0)
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37380000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36db0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc373a0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ea0000 'C:\Windows\System32\kernel32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38240000 'C:\Windows\System32\WINTRUST.DLL'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\CRYPT32.dll'
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38cf0000 LB 0x0001d000 C:\Windows\System32\imagehlp.dll [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36690000 LB 0x00022000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc379f0000 LB 0x0001f000 C:\Windows\System32\profapi.dll [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc1f020000 LB 0x0002e000 C:\Windows\System32\cryptnet.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1f020000 'C:\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AE8B48C4DE4B2B892A7EA6050127B678C7A2213
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38d70000 'C:\Windows\System32\rpcrt4.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1173_for_KB4284835~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
1c3c.1868: g_pfnWinVerifyTrust=00007ffc38249940
1c3c.1868: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2EB3B5899525BF398A932A3B6257F3B13169332E
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\system32\crypt32.dll'
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x13e9e2f1555eba00 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xf27194c5fa02d100 C=EN, CN=0a45729c75089f2b 2
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa4ed27664a6cbd00 CN=DSA Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x6bf371f60ee2bd00 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x41776d193ac2ce00 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x146cf3d438f3c400 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1c3c.1868: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1c3c.1868: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52
1c3c.1868: SUPR3HardenedMain: Load Runtime...
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   0000000054da0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   0000000054d00000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3b570000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc11190000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11190000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38240000 'C:\Windows\system32\Wintrust.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\system32\crypt32.dll'
1c3c.1868: SUPR3HardenedMain: Load TrustedMain...
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1c3c.1868: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'shlwapi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'comctl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'shell32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'iphlpapi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcrypt.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\propsys.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19A1CD90C2208B3BD0567A538CC10CADA852F417
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\comctl32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\comctl32.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37b10000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38a30000 LB 0x0009f000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38890000 LB 0x00192000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32full.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32full.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3ac20000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3b240000 LB 0x00190000 C:\Windows\System32\USER32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc19170000 LB 0x0002c000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc10f90000 LB 0x00120000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38840000 LB 0x00049000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38f60000 LB 0x00323000 C:\Windows\System32\combase.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc39550000 LB 0x000a9000 C:\Windows\System32\shcore.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3ab20000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37980000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc379a0000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37950000 LB 0x0000a000 C:\Windows\System32\FLTLIB.DLL [fFlags=0x0]
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\fltLib.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fltLib.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37b30000 LB 0x0070d000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #54 'combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'profapi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #81 'fltlib.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc39600000 LB 0x01440000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc38ad0000 LB 0x00151000 C:\Windows\System32\ole32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc1d8c0000 LB 0x0001a000 C:\Windows\SYSTEM32\MPR.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   0000000054790000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc0e370000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   0000000054220000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc392f0000 LB 0x000c2000 C:\Windows\System32\OLEAUT32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc34800000 LB 0x001b4000 C:\Windows\SYSTEM32\PROPSYS.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36f50000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc33840000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc14f00000 LB 0x000a7000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\COMCTL32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\comctl32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3b480000 LB 0x000ed000 C:\Windows\System32\COMDLG32.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc17150000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00000000541c0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc355a0000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc355d0000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc0e970000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\fltLib.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\fltLib.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\powrprof.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32full.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\comctl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.17134.112_none_f94f898130982b3f\comctl32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\propsys.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rescheduled]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume2\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\fltLib.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\fltLib.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\combase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ea0000 'C:\Windows\System32\kernel32.dll'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-string-l1-1-0'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-datetime-l1-1-1'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-localization-obsolete-l1-2-0'
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'win32u.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
1c3c.1868: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\win32u.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3b5e0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b5e0000 'C:\Windows\system32\IMM32.DLL'
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\imm32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b5e0000 'C:\Windows\System32\imm32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b3d0000 'C:\Windows\System32\ADVAPI32.DLL'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0e970000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1c3c.1868: SUPR3HardenedMain: Calling TrustedMain (00007ffc0e9714f0)...
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc10e60000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10e60000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15C67EA66CCB2DD0FE18A5AB58A7BA1C113BBA6A
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00115~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36010000 LB 0x00098000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36010000 'C:\Windows\system32\uxtheme.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b240000 'C:\Windows\system32\user32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39550000 'C:\Windows\system32\SHCore.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'win32u.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'gdi32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc360e0000 LB 0x00029000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\system32\winmm.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\system32\winmm.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36010000 'C:\Windows\system32\uxtheme.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b3d0000 'C:\Windows\system32\advapi32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'profapi.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc37880000 LB 0x00028000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc37880000 'C:\Windows\system32\userenv.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ea0000 'C:\Windows\System32\kernel32.dll'
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc3ab80000 LB 0x000a0000 C:\Windows\System32\clbcatq.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1c3c.1fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1c3c.1fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1fc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1c3c.1fc8: supR3HardenedDllNotificationCallback: load   00007ffc0d5d0000 LB 0x00546000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1c3c.1fc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d5d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1c3c.1fc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1c3c.1fc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1c3c.1fc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1fc8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1fc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1fc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1c3c.1fc8: supR3HardenedDllNotificationCallback: load   00007ffc10da0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1c3c.1fc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10da0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1c3c.1fc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1fc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc392f0000 'C:\Windows\System32\oleaut32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ac20000 'C:\Windows\system32\gdi32.dll'
1c3c.1cb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1cb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1cb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1cb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1cb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1cb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
1c3c.1cb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1c3c.1cb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1cb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1cb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1cb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1cb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1cb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1c3c.1cb0: supR3HardenedDllNotificationCallback: load   00007ffc2f530000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
1c3c.1cb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
1c3c.1cb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2f530000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b640000 'C:\Windows\System32\ntdll.dll'
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc393d0000 LB 0x00175000 C:\Windows\System32\MSCTF.dll [fFlags=0x0]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'oleaut32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'user32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'gdi32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'imm32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B480615AD13C4A3DD6B7A2F86ED35195B9CA49
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\DataExchange.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'd3d11.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'dcomp.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\DataExchange.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume2\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp_win.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'oleaut32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'dxgi.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dcomp.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume2\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dxgi.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dxgi.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\d3d11.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [redoing WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\win32u.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36710000 LB 0x000bb000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc344f0000 LB 0x0030b000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\d3d11.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc356c0000 LB 0x0019c000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dcomp.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc18640000 LB 0x00058000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\DataExchange.dll
1c3c.1868: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\dxgi.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dxgi.dll' [rescheduled]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ac20000 'C:\Windows\System32\gdi32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc18640000 'C:\Windows\system32\dataexchange.dll'
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rmclient.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rmclient.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc361c0000 LB 0x00021000 C:\Windows\system32\RMCLIENT.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36270000 LB 0x001b8000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'coreuicomponents.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'coremessaging.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'combase.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcryptprimitives.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WinTypes.dll)
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinTypes.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc36a40000 LB 0x00031000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc35860000 LB 0x000da000 C:\Windows\System32\CoreMessaging.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc33b00000 LB 0x0014d000 C:\Windows\SYSTEM32\wintypes.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc32be0000 LB 0x0031e000 C:\Windows\System32\CoreUIComponents.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc2f700000 LB 0x00098000 C:\Windows\System32\TextInputFramework.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume2\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume2\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume2\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume2\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinTypes.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreMessaging.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\CoreUIComponents.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\TextInputFramework.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rmclient.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\twinapi.appcore.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc392f0000 'C:\Windows\System32\OLEAUT32.DLL'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b240000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b240000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38f60000 'api-ms-win-core-com-l1-1-0.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc393d0000 'C:\Windows\System32\MSCTF.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc38ad0000 'C:\Windows\System32\ole32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc392f0000 'C:\Windows\System32\OLEAUT32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b30 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D49375F38056AA009353FFDCCD59474093558A8B
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=85E1C37A6BD4306E57F09FFDB448860467295EFB
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc2ce00000 LB 0x00083000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc24be0000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc24be0000 'C:\Windows\system32\wbem\wbemprox.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b88 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=38422F12A30C69B303E7EBE427C8D87E3024ED12
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc261a0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc261a0000 'C:\Windows\system32\wbem\wbemsvc.dll'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-localization-l1-2-0.dll'
1c3c.1868: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc385c0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b60 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07493B638EF356F68BE9306C76CDBF2D22198E5A
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
1c3c.1868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
1c3c.1868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
1c3c.1868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1c3c.1868: supR3HardenedDllNotificationCallback: load   00007ffc24a40000 LB 0x000f2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc24a40000 'C:\Windows\system32\wbem\fastprox.dll'
1c3c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1cbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1c3c.1cbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1c3c.1cbc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
1c3c.1cbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
1c3c.1cbc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1cbc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1cbc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1cbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1cbc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1c3c.1cbc: supR3HardenedDllNotificationCallback: load   00000000540b0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1c3c.1cbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1c3c.1cbc: supR3HardenedDllNotificationCallback: load   00007ffc08a00000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1c3c.1cbc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1cbc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08a00000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c78 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7A411B6D0C02AF0C9C29BAAEFDFE6EF0D86C921F
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'oleaut32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'ws2_32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'netsetupapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'setupapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'devrtl.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devrtl.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'devrtl.dll' -> '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c0c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7E327D4544F33888FC8ADAE2BEEB7A40A76E7F8
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc2b9c0000 LB 0x00026000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc3adf0000 LB 0x0044b000 C:\Windows\System32\setupapi.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc25e50000 LB 0x00013000 C:\Windows\System32\DEVRTL.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc25ba0000 LB 0x00081000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25ba0000 'C:\Windows\System32\NetSetupShim.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'nsi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'winnsi.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupEngine.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc38c30000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc318b0000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc0f440000 LB 0x000c6000 C:\Windows\System32\NetSetupEngine.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupEngine.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0f440000 'C:\Windows\System32\NetSetupEngine.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1c3c.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1c3c.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.c88: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1c3c.c88: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
1c3c.c88: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1c3c.c88: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.c88: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.c88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.c88: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1c3c.c88: supR3HardenedDllNotificationCallback: load   00007ffc25980000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
1c3c.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1c3c.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25980000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
1c3c.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3b240000 'C:\Windows\system32\User32.dll'
1c3c.1688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1c3c.1688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
1c3c.1688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1688: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1c3c.1688: supR3HardenedDllNotificationCallback: load   00007ffc25970000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
1c3c.1688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1c3c.1688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25970000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
1c3c.fb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
1c3c.fb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
1c3c.fb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
1c3c.fb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1c3c.fb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll)
1c3c.fb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1c3c.fb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
1c3c.fb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
1c3c.fb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
1c3c.fb0: supR3HardenedDllNotificationCallback: load   00007ffc11c30000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [avoiding WinVerifyTrust]
1c3c.fb0: supR3HardenedDllNotificationCallback: load   00007ffc11c00000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
1c3c.fb0: supR3HardenedDllNotificationCallback: load   00007ffc0c2d0000 LB 0x00110000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c2d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.fb0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll'
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11c00000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.fb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
1c3c.fb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
1c3c.fb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.fb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
1c3c.fb0: supR3HardenedDllNotificationCallback: load   00007ffc258f0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc258f0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\system32/opengl32.dll'
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc3ac20000 'C:\Windows\System32\gdi32.dll'
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.fb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10f90000 'C:\Windows\System32\OPENGL32.dll'
1c3c.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1c3c.1d04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1d04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
1c3c.1d04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1d04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1d04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1d04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1c3c.1d04: supR3HardenedDllNotificationCallback: load   00007ffc25960000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
1c3c.1d04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1c3c.1d04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc25960000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
1c3c.7ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.7ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.7ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1c3c.7ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.7ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
1c3c.7ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.7ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.7ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.7ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1c3c.7ac: supR3HardenedDllNotificationCallback: load   00007ffc258c0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
1c3c.7ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1c3c.7ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc258c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\Shell32.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08a00000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10680000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10680000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
1c3c.1f38: supR3HardenedDllNotificationCallback: Unload 00007ffc10680000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc16b30000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc0f8c0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffbee2d0000 LB 0x009c5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbee2d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10680000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10680000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0d5d0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0f8c0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc1fc40000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1fc40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc1ac30000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc1ac30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10780000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10780000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10760000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10760000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1c3c.1454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1c3c.1454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
1c3c.1454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1c3c.1454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1454: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1c3c.1454: supR3HardenedDllNotificationCallback: load   00007ffc258b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
1c3c.1454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1c3c.1454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc258b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10240000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10240000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'devobj.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'propsys.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll [redoing WinVerifyTrust]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\propsys.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cfgmgr32.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc37760000 LB 0x00027000 C:\Windows\System32\DEVOBJ.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc31c20000 LB 0x00076000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc31c20000 'C:\Windows\System32\MMDevApi.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001034 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5473BCFF580489A320314B844E6D3DC42BA47DE8
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc0c240000 LB 0x0008f000 C:\Windows\System32\dsound.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c240000 'C:\Windows\System32\dsound.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c240000 'C:\Windows\System32\dsound.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c240000 'C:\Windows\system32\dsound.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc31c20000 'C:\Windows\System32\MMDEVAPI.DLL'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fac pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=177AADB38B3BB8D75072CC704861E1B81617F092
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc24b70000 LB 0x00009000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc330c0000 LB 0x0000a000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10630000 LB 0x00044000 C:\Windows\System32\wdmaud.drv [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc0fa40000 LB 0x0012c000 C:\Windows\System32\AUDIOSES.DLL [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0fa40000 'C:\Windows\System32\AUDIOSES.DLL'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10630000 'C:\Windows\System32\wdmaud.drv'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7886E1CCA739C1E5ED73D45A3FBDDF8A54FC7C0F
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10610000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc11910000 LB 0x0000d000 C:\Windows\System32\msacm32.drv [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc11910000 'C:\Windows\System32\msacm32.drv'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000fe7760
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1DAEA3709B4BD5475FA0919C8463CA4834E4BC26
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc382a0000 'C:\Windows\System32\crypt32.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
1c3c.1f38: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1c3c.1f38: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
1c3c.1f38: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
1c3c.1f38: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1c3c.1f38: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedDllNotificationCallback: load   00007ffc10d70000 LB 0x0000a000 C:\Windows\System32\midimap.dll [fFlags=0x0]
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10d70000 'C:\Windows\System32\midimap.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10d70000 'C:\Windows\System32\midimap.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10d70000 'C:\Windows\System32\midimap.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc10d70000 'C:\Windows\System32\midimap.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc0c240000 'C:\Windows\system32\dsound.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc355d0000 'C:\Windows\System32\winmm.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc08a00000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1f38: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc36db0000 'C:\Windows\system32\rsaenh.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'
1c3c.1868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc39600000 'C:\Windows\system32\shell32.dll'