Ticket #19358: Windows 10 1809-2020-02-28-08-47-19.log

File Windows 10 1809-2020-02-28-08-47-19.log, 406.1 KB (added by VeHav2GoVeeper, 5 years ago)

Line
1	23a64.23560: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	23a64.23560: \SystemRoot\System32\ntdll.dll:
3	23a64.23560: CreationTime: 2020-01-14T21:20:24.992404300Z
4	23a64.23560: LastWriteTime: 2020-01-03T03:35:05.302579400Z
5	23a64.23560: ChangeTime: 2020-01-14T22:54:45.661976200Z
6	23a64.23560: FileAttributes: 0x20
7	23a64.23560: Size: 0x198080
8	23a64.23560: NT Headers: 0xe0
9	23a64.23560: Timestamp: 0x5e0eb67f
10	23a64.23560: Machine: 0x8664 - amd64
11	23a64.23560: Timestamp: 0x5e0eb67f
12	23a64.23560: Image Version: 6.1
13	23a64.23560: SizeOfImage: 0x19f000 (1699840)
14	23a64.23560: Resource Dir: 0x142000 LB 0x5a038
15	23a64.23560: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16	23a64.23560: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
17	23a64.23560: ProductName: Microsoft® Windows® Operating System
18	23a64.23560: ProductVersion: 6.1.7601.24545
19	23a64.23560: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
20	23a64.23560: FileDescription: NT Layer DLL
21	23a64.23560: \SystemRoot\System32\kernel32.dll:
22	23a64.23560: CreationTime: 2020-01-14T21:20:21.987377500Z
23	23a64.23560: LastWriteTime: 2020-01-03T03:33:39.604000000Z
24	23a64.23560: ChangeTime: 2020-01-14T22:54:46.285977300Z
25	23a64.23560: FileAttributes: 0x20
26	23a64.23560: Size: 0x11be00
27	23a64.23560: NT Headers: 0xe0
28	23a64.23560: Timestamp: 0x5e0eb6bc
29	23a64.23560: Machine: 0x8664 - amd64
30	23a64.23560: Timestamp: 0x5e0eb6bc
31	23a64.23560: Image Version: 6.1
32	23a64.23560: SizeOfImage: 0x11f000 (1175552)
33	23a64.23560: Resource Dir: 0x116000 LB 0x530
34	23a64.23560: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35	23a64.23560: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
36	23a64.23560: ProductName: Microsoft® Windows® Operating System
37	23a64.23560: ProductVersion: 6.1.7601.24545
38	23a64.23560: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
39	23a64.23560: FileDescription: Windows NT BASE API Client DLL
40	23a64.23560: \SystemRoot\System32\KernelBase.dll:
41	23a64.23560: CreationTime: 2020-01-14T21:20:21.737377200Z
42	23a64.23560: LastWriteTime: 2020-01-03T03:33:39.604000000Z
43	23a64.23560: ChangeTime: 2020-01-14T22:54:46.285977300Z
44	23a64.23560: FileAttributes: 0x20
45	23a64.23560: Size: 0x63c00
46	23a64.23560: NT Headers: 0xe8
47	23a64.23560: Timestamp: 0x5e0eb6bd
48	23a64.23560: Machine: 0x8664 - amd64
49	23a64.23560: Timestamp: 0x5e0eb6bd
50	23a64.23560: Image Version: 6.1
51	23a64.23560: SizeOfImage: 0x67000 (421888)
52	23a64.23560: Resource Dir: 0x65000 LB 0x538
53	23a64.23560: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54	23a64.23560: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
55	23a64.23560: ProductName: Microsoft® Windows® Operating System
56	23a64.23560: ProductVersion: 6.1.7601.24545
57	23a64.23560: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
58	23a64.23560: FileDescription: Windows NT BASE API Client DLL
59	23a64.23560: \SystemRoot\System32\apisetschema.dll:
60	23a64.23560: CreationTime: 2020-01-14T21:20:21.327376600Z
61	23a64.23560: LastWriteTime: 2020-01-03T03:33:11.406000000Z
62	23a64.23560: ChangeTime: 2020-01-14T22:54:45.318775600Z
63	23a64.23560: FileAttributes: 0x20
64	23a64.23560: Size: 0x1c00
65	23a64.23560: NT Headers: 0xc0
66	23a64.23560: Timestamp: 0x5e0eb63f
67	23a64.23560: Machine: 0x8664 - amd64
68	23a64.23560: Timestamp: 0x5e0eb63f
69	23a64.23560: Image Version: 6.1
70	23a64.23560: SizeOfImage: 0x50000 (327680)
71	23a64.23560: Resource Dir: 0x30000 LB 0x408
72	23a64.23560: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73	23a64.23560: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
74	23a64.23560: ProductName: Microsoft® Windows® Operating System
75	23a64.23560: ProductVersion: 6.1.7601.24545
76	23a64.23560: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
77	23a64.23560: FileDescription: ApiSet Schema DLL
78	23a64.23560: supR3HardenedWinFindAdversaries: 0x0
79	23a64.23560: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
80	23a64.23560: Calling main()
81	23a64.23560: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
82	23a64.23560: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
83	23a64.23560: SUPR3HardenedMain: Respawn #1
84	23a64.23560: System32: \Device\HarddiskVolume1\Windows\System32
85	23a64.23560: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
86	23a64.23560: KnownDllPath: C:\Windows\system32
87	23a64.23560: supR3HardenedWinInit: Performing a limited self purification...
88	23a64.23560: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
89	23a64.23560: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
90	23a64.23560: *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000
91	23a64.23560: 0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000
92	23a64.23560: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
93	23a64.23560: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
94	23a64.23560: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
95	23a64.23560: 0000000000041000-000000000006ffff 0x0001/0x0000 0x0000000
96	23a64.23560: *0000000000070000-0000000000075fff 0x0004/0x0004 0x0020000
97	23a64.23560: 0000000000076000-000000000016ffff 0x0000/0x0004 0x0020000
98	23a64.23560: *0000000000170000-00000000001d6fff 0x0002/0x0002 0x0040000
99	23a64.23560: 00000000001d7000-00000000001dffff 0x0001/0x0000 0x0000000
100	23a64.23560: *00000000001e0000-0000000000299fff 0x0000/0x0004 0x0020000
101	23a64.23560: 000000000029a000-000000000029bfff 0x0104/0x0004 0x0020000
102	23a64.23560: 000000000029c000-00000000002dffff 0x0004/0x0004 0x0020000
103	23a64.23560: *00000000002e0000-000000000047ffff 0x0004/0x0004 0x0020000
104	23a64.23560: 0000000000480000-00000000004bffff 0x0001/0x0000 0x0000000
105	23a64.23560: *00000000004c0000-000000000053ffff 0x0004/0x0004 0x0020000
106	23a64.23560: *0000000000540000-0000000000553fff 0x0004/0x0004 0x0020000
107	23a64.23560: 0000000000554000-000000000063ffff 0x0000/0x0004 0x0020000
108	23a64.23560: 0000000000640000-00000000771fffff 0x0001/0x0000 0x0000000
109	23a64.23560: *0000000077200000-0000000077200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
110	23a64.23560: 0000000077201000-000000007729bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
111	23a64.23560: 000000007729c000-0000000077309fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
112	23a64.23560: 000000007730a000-000000007730bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
113	23a64.23560: 000000007730c000-000000007731efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
114	23a64.23560: 000000007731f000-000000007741ffff 0x0001/0x0000 0x0000000
115	23a64.23560: *0000000077420000-0000000077420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
116	23a64.23560: 0000000077421000-0000000077544fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
117	23a64.23560: 0000000077545000-0000000077546fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
118	23a64.23560: 0000000077547000-0000000077548fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
119	23a64.23560: 0000000077549000-000000007754afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
120	23a64.23560: 000000007754b000-000000007754dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
121	23a64.23560: 000000007754e000-0000000077550fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
122	23a64.23560: 0000000077551000-0000000077553fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
123	23a64.23560: 0000000077554000-00000000775befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
124	23a64.23560: 00000000775bf000-000000007efdffff 0x0001/0x0000 0x0000000
125	23a64.23560: *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
126	23a64.23560: 000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
127	23a64.23560: *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
128	23a64.23560: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
129	23a64.23560: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
130	23a64.23560: 000000007fff0000-000000013f2cffff 0x0001/0x0000 0x0000000
131	23a64.23560: *000000013f2d0000-000000013f2d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
132	23a64.23560: 000000013f2d1000-000000013f346fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
133	23a64.23560: 000000013f347000-000000013f347fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
134	23a64.23560: 000000013f348000-000000013f38ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
135	23a64.23560: 000000013f390000-000000013f392fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
136	23a64.23560: 000000013f393000-000000013f395fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
137	23a64.23560: 000000013f396000-000000013f398fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
138	23a64.23560: 000000013f399000-000000013f399fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
139	23a64.23560: 000000013f39a000-000000013f39bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
140	23a64.23560: 000000013f39c000-000000013f39cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
141	23a64.23560: 000000013f39d000-000000013f3e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
142	23a64.23560: 000000013f3e6000-000007fefd03ffff 0x0001/0x0000 0x0000000
143	23a64.23560: *000007fefd040000-000007fefd040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
144	23a64.23560: 000007fefd041000-000007fefd087fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
145	23a64.23560: 000007fefd088000-000007fefd09cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
146	23a64.23560: 000007fefd09d000-000007fefd09efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
147	23a64.23560: 000007fefd09f000-000007fefd0a6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
148	23a64.23560: 000007fefd0a7000-000007feff71ffff 0x0001/0x0000 0x0000000
149	23a64.23560: *000007feff720000-000007feff720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
150	23a64.23560: 000007feff721000-000007fffffaffff 0x0001/0x0000 0x0000000
151	23a64.23560: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
152	23a64.23560: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
153	23a64.23560: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
154	23a64.23560: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
155	23a64.23560: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
156	23a64.23560: apisetschema.dll: timestamp 0x5e0eb63f (rc=VINF_SUCCESS)
157	23a64.23560: kernelbase.dll: timestamp 0x5e0eb6bd (rc=VINF_SUCCESS)
158	23a64.23560: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
159	23a64.23560: kernel32.dll: timestamp 0x5e0eb6bc (rc=VINF_SUCCESS)
160	23a64.23560: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
161	23a64.23560: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
162	23a64.23560: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
163	23a64.23560: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
164	23a64.23560: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
165	23a64.23560: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
166	23a64.23560: supR3HardNtEnableThreadCreationEx:
167	23a64.23560: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077463730 pvNtTerminateThread=0000000077489cd0
168	23a64.23560: supR3HardenedWinDoReSpawn(1): New child 1f168.125e8 [kernel32].
169	23a64.23560: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
170	23a64.23560: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077420000 uNtDllChildAddr=0000000077420000
171	23a64.23560: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077463730
172	23a64.23560: supR3HardenedWinSetupChildInit: Initial context:
173	rax=0000000000000000 rbx=0000000000000000 rcx=000000013f2d7900 rdx=000007fffffdd000
174	rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
175	r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
176	r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
177	rip=0000000077473710 rsp=00000000002efc48 rbp=0000000000000000 ctxflags=0010001b
178	cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
179	P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
180	dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
181	dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
182	lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
183	23a64.23560: supR3HardenedWinSetupChildInit: Start child.
184	23a64.23560: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
185	23a64.23560: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
186	23a64.23560: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
187	23a64.23560: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
188	23a64.23560: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
189	23a64.23560: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
190	23a64.23560: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
191	23a64.23560: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
192	23a64.23560: 0000000000041000-00000000001effff 0x0001/0x0000 0x0000000
193	23a64.23560: *00000000001f0000-00000000002ebfff 0x0000/0x0004 0x0020000
194	23a64.23560: 00000000002ec000-00000000002edfff 0x0104/0x0004 0x0020000
195	23a64.23560: 00000000002ee000-00000000002effff 0x0004/0x0004 0x0020000
196	23a64.23560: 00000000002f0000-000000007741ffff 0x0001/0x0000 0x0000000
197	23a64.23560: *0000000077420000-0000000077420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
198	23a64.23560: 0000000077421000-0000000077544fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
199	23a64.23560: 0000000077545000-000000007754afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
200	23a64.23560: 000000007754b000-000000007754bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
201	23a64.23560: 000000007754c000-0000000077553fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
202	23a64.23560: 0000000077554000-00000000775befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
203	23a64.23560: 00000000775bf000-000000007efdffff 0x0001/0x0000 0x0000000
204	23a64.23560: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
205	23a64.23560: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
206	23a64.23560: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
207	23a64.23560: 000000007fff0000-000000013f2cffff 0x0001/0x0000 0x0000000
208	23a64.23560: *000000013f2d0000-000000013f2d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
209	23a64.23560: 000000013f2d1000-000000013f346fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
210	23a64.23560: 000000013f347000-000000013f347fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
211	23a64.23560: 000000013f348000-000000013f38ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
212	23a64.23560: 000000013f390000-000000013f390fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
213	23a64.23560: 000000013f391000-000000013f391fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
214	23a64.23560: 000000013f392000-000000013f396fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
215	23a64.23560: 000000013f397000-000000013f397fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
216	23a64.23560: 000000013f398000-000000013f398fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
217	23a64.23560: 000000013f399000-000000013f39cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
218	23a64.23560: 000000013f39d000-000000013f3e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
219	23a64.23560: 000000013f3e6000-000007feff71ffff 0x0001/0x0000 0x0000000
220	23a64.23560: *000007feff720000-000007feff720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
221	23a64.23560: 000007feff721000-000007fffffaffff 0x0001/0x0000 0x0000000
222	23a64.23560: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
223	23a64.23560: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
224	23a64.23560: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
225	23a64.23560: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
226	23a64.23560: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
227	23a64.23560: supR3HardNtChildPurify: Done after 268 ms and 0 fixes (loop #0).
228	1f168.125e8: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
229	1f168.125e8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077420000 g_uNtVerCombined=0x611db100 (stack ~00000000002ef6f8)
230	1f168.125e8: ntdll.dll: timestamp 0x5e0eb67f (rc=VINF_SUCCESS)
231	1f168.125e8: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1699840 allocation)
232	23a64.23560: supR3HardNtEnableThreadCreationEx:
233	1f168.125e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
234	1f168.125e8: System32: \Device\HarddiskVolume1\Windows\System32
235	1f168.125e8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
236	1f168.125e8: KnownDllPath: C:\Windows\system32
237	1f168.125e8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
238	1f168.125e8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
239	1f168.125e8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
240	1f168.125e8: Registered Dll notification callback with NTDLL.
241	1f168.125e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
242	1f168.125e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
243	1f168.125e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
244	1f168.125e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
245	1f168.125e8: supR3HardenedDllNotificationCallback: load 0000000077200000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
246	1f168.125e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
247	1f168.125e8: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
248	1f168.125e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
249	1f168.125e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
250	1f168.125e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
251	1f168.125e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077463730 pvNtTerminateThread=0000000077489cd0
252	23a64.23560: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
253	1f168.125e8: \SystemRoot\System32\ntdll.dll:
254	1f168.125e8: CreationTime: 2020-01-14T21:20:24.992404300Z
255	1f168.125e8: LastWriteTime: 2020-01-03T03:35:05.302579400Z
256	1f168.125e8: ChangeTime: 2020-01-14T22:54:45.661976200Z
257	1f168.125e8: FileAttributes: 0x20
258	1f168.125e8: Size: 0x198080
259	1f168.125e8: NT Headers: 0xe0
260	1f168.125e8: Timestamp: 0x5e0eb67f
261	1f168.125e8: Machine: 0x8664 - amd64
262	1f168.125e8: Timestamp: 0x5e0eb67f
263	1f168.125e8: Image Version: 6.1
264	1f168.125e8: SizeOfImage: 0x19f000 (1699840)
265	1f168.125e8: Resource Dir: 0x142000 LB 0x5a038
266	1f168.125e8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
267	1f168.125e8: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
268	1f168.125e8: ProductName: Microsoft® Windows® Operating System
269	1f168.125e8: ProductVersion: 6.1.7601.24545
270	1f168.125e8: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
271	1f168.125e8: FileDescription: NT Layer DLL
272	1f168.125e8: \SystemRoot\System32\kernel32.dll:
273	1f168.125e8: CreationTime: 2020-01-14T21:20:21.987377500Z
274	1f168.125e8: LastWriteTime: 2020-01-03T03:33:39.604000000Z
275	1f168.125e8: ChangeTime: 2020-01-14T22:54:46.285977300Z
276	1f168.125e8: FileAttributes: 0x20
277	1f168.125e8: Size: 0x11be00
278	1f168.125e8: NT Headers: 0xe0
279	1f168.125e8: Timestamp: 0x5e0eb6bc
280	1f168.125e8: Machine: 0x8664 - amd64
281	1f168.125e8: Timestamp: 0x5e0eb6bc
282	1f168.125e8: Image Version: 6.1
283	1f168.125e8: SizeOfImage: 0x11f000 (1175552)
284	1f168.125e8: Resource Dir: 0x116000 LB 0x530
285	1f168.125e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
286	1f168.125e8: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
287	1f168.125e8: ProductName: Microsoft® Windows® Operating System
288	1f168.125e8: ProductVersion: 6.1.7601.24545
289	1f168.125e8: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
290	1f168.125e8: FileDescription: Windows NT BASE API Client DLL
291	1f168.125e8: \SystemRoot\System32\KernelBase.dll:
292	1f168.125e8: CreationTime: 2020-01-14T21:20:21.737377200Z
293	1f168.125e8: LastWriteTime: 2020-01-03T03:33:39.604000000Z
294	1f168.125e8: ChangeTime: 2020-01-14T22:54:46.285977300Z
295	1f168.125e8: FileAttributes: 0x20
296	1f168.125e8: Size: 0x63c00
297	1f168.125e8: NT Headers: 0xe8
298	1f168.125e8: Timestamp: 0x5e0eb6bd
299	1f168.125e8: Machine: 0x8664 - amd64
300	1f168.125e8: Timestamp: 0x5e0eb6bd
301	1f168.125e8: Image Version: 6.1
302	1f168.125e8: SizeOfImage: 0x67000 (421888)
303	1f168.125e8: Resource Dir: 0x65000 LB 0x538
304	1f168.125e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
305	1f168.125e8: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
306	1f168.125e8: ProductName: Microsoft® Windows® Operating System
307	1f168.125e8: ProductVersion: 6.1.7601.24545
308	1f168.125e8: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
309	1f168.125e8: FileDescription: Windows NT BASE API Client DLL
310	1f168.125e8: \SystemRoot\System32\apisetschema.dll:
311	1f168.125e8: CreationTime: 2020-01-14T21:20:21.327376600Z
312	1f168.125e8: LastWriteTime: 2020-01-03T03:33:11.406000000Z
313	1f168.125e8: ChangeTime: 2020-01-14T22:54:45.318775600Z
314	1f168.125e8: FileAttributes: 0x20
315	1f168.125e8: Size: 0x1c00
316	1f168.125e8: NT Headers: 0xc0
317	1f168.125e8: Timestamp: 0x5e0eb63f
318	1f168.125e8: Machine: 0x8664 - amd64
319	1f168.125e8: Timestamp: 0x5e0eb63f
320	1f168.125e8: Image Version: 6.1
321	1f168.125e8: SizeOfImage: 0x50000 (327680)
322	1f168.125e8: Resource Dir: 0x30000 LB 0x408
323	1f168.125e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
324	1f168.125e8: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
325	1f168.125e8: ProductName: Microsoft® Windows® Operating System
326	1f168.125e8: ProductVersion: 6.1.7601.24545
327	1f168.125e8: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
328	1f168.125e8: FileDescription: ApiSet Schema DLL
329	1f168.125e8: supR3HardenedWinFindAdversaries: 0x0
330	1f168.125e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
331	1f168.125e8: Calling main()
332	1f168.125e8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
333	1f168.125e8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
334	1f168.125e8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
335	1f168.125e8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
336	1f168.125e8: SUPR3HardenedMain: Respawn #2
337	1f168.125e8: supR3HardNtEnableThreadCreationEx:
338	1f168.125e8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
339	1f168.125e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
340	1f168.125e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
341	1f168.125e8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
342	1f168.125e8: supR3HardenedDllNotificationCallback: load 000007fefcd70000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
343	1f168.125e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
344	1f168.125e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd70000 'C:\Windows\system32\apphelp.dll'
345	1f168.125e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077463730 pvNtTerminateThread=0000000077489cd0
346	1f168.125e8: supR3HardenedWinDoReSpawn(2): New child 23338.1f228 [kernel32].
347	1f168.125e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
348	1f168.125e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077420000 uNtDllChildAddr=0000000077420000
349	1f168.125e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077463730
350	1f168.125e8: supR3HardenedWinSetupChildInit: Initial context:
351	rax=0000000000000000 rbx=0000000000000000 rcx=000000013f2d7900 rdx=000007fffffd3000
352	rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
353	r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
354	r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
355	rip=0000000077473710 rsp=00000000001ef948 rbp=0000000000000000 ctxflags=0010001b
356	cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
357	P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
358	dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
359	dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
360	lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
361	1f168.125e8: kernel32.dll: timestamp 0x5e0eb6bc (rc=VINF_SUCCESS)
362	1f168.125e8: supR3HardenedWinSetupChildInit: Start child.
363	1f168.125e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
364	1f168.125e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
365	1f168.125e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
366	1f168.125e8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
367	1f168.125e8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
368	1f168.125e8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
369	1f168.125e8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
370	1f168.125e8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
371	1f168.125e8: 0000000000041000-00000000000effff 0x0001/0x0000 0x0000000
372	1f168.125e8: *00000000000f0000-00000000001ebfff 0x0000/0x0004 0x0020000
373	1f168.125e8: 00000000001ec000-00000000001edfff 0x0104/0x0004 0x0020000
374	1f168.125e8: 00000000001ee000-00000000001effff 0x0004/0x0004 0x0020000
375	1f168.125e8: 00000000001f0000-000000007741ffff 0x0001/0x0000 0x0000000
376	1f168.125e8: *0000000077420000-0000000077420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
377	1f168.125e8: 0000000077421000-0000000077544fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
378	1f168.125e8: 0000000077545000-000000007754afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
379	1f168.125e8: 000000007754b000-000000007754bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
380	1f168.125e8: 000000007754c000-0000000077553fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
381	1f168.125e8: 0000000077554000-00000000775befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
382	1f168.125e8: 00000000775bf000-000000007efdffff 0x0001/0x0000 0x0000000
383	1f168.125e8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
384	1f168.125e8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
385	1f168.125e8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
386	1f168.125e8: 000000007fff0000-000000013f2cffff 0x0001/0x0000 0x0000000
387	1f168.125e8: *000000013f2d0000-000000013f2d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
388	1f168.125e8: 000000013f2d1000-000000013f346fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
389	1f168.125e8: 000000013f347000-000000013f347fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
390	1f168.125e8: 000000013f348000-000000013f38ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
391	1f168.125e8: 000000013f390000-000000013f390fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
392	1f168.125e8: 000000013f391000-000000013f391fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
393	1f168.125e8: 000000013f392000-000000013f396fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
394	1f168.125e8: 000000013f397000-000000013f397fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
395	1f168.125e8: 000000013f398000-000000013f398fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
396	1f168.125e8: 000000013f399000-000000013f39cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
397	1f168.125e8: 000000013f39d000-000000013f3e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
398	1f168.125e8: 000000013f3e6000-000007feff71ffff 0x0001/0x0000 0x0000000
399	1f168.125e8: *000007feff720000-000007feff720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
400	1f168.125e8: 000007feff721000-000007fffffaffff 0x0001/0x0000 0x0000000
401	1f168.125e8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
402	1f168.125e8: *000007fffffd3000-000007fffffd3fff 0x0004/0x0004 0x0020000
403	1f168.125e8: 000007fffffd4000-000007fffffddfff 0x0001/0x0000 0x0000000
404	1f168.125e8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
405	1f168.125e8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
406	1f168.125e8: apisetschema.dll: timestamp 0x5e0eb63f (rc=VINF_SUCCESS)
407	1f168.125e8: VirtualBoxVM.exe: timestamp 0x5e4c1d19 (rc=VINF_SUCCESS)
408	1f168.125e8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
409	1f168.125e8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
410	1f168.125e8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
411	1f168.125e8: supR3HardNtChildPurify: Done after 301 ms and 0 fixes (loop #0).
412	23338.1f228: Log file opened: 6.1.4r136177 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
413	23338.1f228: supR3HardenedVmProcessInit: uNtDllAddr=0000000077420000 g_uNtVerCombined=0x611db100 (stack ~00000000001ef3f8)
414	1f168.125e8: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
415	23338.1f228: ntdll.dll: timestamp 0x5e0eb67f (rc=VINF_SUCCESS)
416	23338.1f228: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1699840 allocation)
417	1f168.125e8: supR3HardNtEnableThreadCreationEx:
418	23338.1f228: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
419	23338.1f228: System32: \Device\HarddiskVolume1\Windows\System32
420	23338.1f228: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
421	23338.1f228: KnownDllPath: C:\Windows\system32
422	23338.1f228: supR3HardenedVmProcessInit: Opening vboxdrv...
423	23338.1f228: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
424	23338.1f228: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
425	23338.1f228: Registered Dll notification callback with NTDLL.
426	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
427	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
428	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
429	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
430	23338.1f228: supR3HardenedDllNotificationCallback: load 0000000077200000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
431	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
432	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
433	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
434	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
435	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
436	23338.1f228: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077463730 pvNtTerminateThread=0000000077489cd0
437	1f168.125e8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 73 ms.
438	23338.1f228: \SystemRoot\System32\ntdll.dll:
439	23338.1f228: CreationTime: 2020-01-14T21:20:24.992404300Z
440	23338.1f228: LastWriteTime: 2020-01-03T03:35:05.302579400Z
441	23338.1f228: ChangeTime: 2020-01-14T22:54:45.661976200Z
442	23338.1f228: FileAttributes: 0x20
443	23338.1f228: Size: 0x198080
444	23338.1f228: NT Headers: 0xe0
445	23338.1f228: Timestamp: 0x5e0eb67f
446	23338.1f228: Machine: 0x8664 - amd64
447	23338.1f228: Timestamp: 0x5e0eb67f
448	23338.1f228: Image Version: 6.1
449	23338.1f228: SizeOfImage: 0x19f000 (1699840)
450	23338.1f228: Resource Dir: 0x142000 LB 0x5a038
451	23338.1f228: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
452	23338.1f228: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
453	23338.1f228: ProductName: Microsoft® Windows® Operating System
454	23338.1f228: ProductVersion: 6.1.7601.24545
455	23338.1f228: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
456	23338.1f228: FileDescription: NT Layer DLL
457	23338.1f228: \SystemRoot\System32\kernel32.dll:
458	23338.1f228: CreationTime: 2020-01-14T21:20:21.987377500Z
459	23338.1f228: LastWriteTime: 2020-01-03T03:33:39.604000000Z
460	23338.1f228: ChangeTime: 2020-01-14T22:54:46.285977300Z
461	23338.1f228: FileAttributes: 0x20
462	23338.1f228: Size: 0x11be00
463	23338.1f228: NT Headers: 0xe0
464	23338.1f228: Timestamp: 0x5e0eb6bc
465	23338.1f228: Machine: 0x8664 - amd64
466	23338.1f228: Timestamp: 0x5e0eb6bc
467	23338.1f228: Image Version: 6.1
468	23338.1f228: SizeOfImage: 0x11f000 (1175552)
469	23338.1f228: Resource Dir: 0x116000 LB 0x530
470	23338.1f228: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
471	23338.1f228: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
472	23338.1f228: ProductName: Microsoft® Windows® Operating System
473	23338.1f228: ProductVersion: 6.1.7601.24545
474	23338.1f228: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
475	23338.1f228: FileDescription: Windows NT BASE API Client DLL
476	23338.1f228: \SystemRoot\System32\KernelBase.dll:
477	23338.1f228: CreationTime: 2020-01-14T21:20:21.737377200Z
478	23338.1f228: LastWriteTime: 2020-01-03T03:33:39.604000000Z
479	23338.1f228: ChangeTime: 2020-01-14T22:54:46.285977300Z
480	23338.1f228: FileAttributes: 0x20
481	23338.1f228: Size: 0x63c00
482	23338.1f228: NT Headers: 0xe8
483	23338.1f228: Timestamp: 0x5e0eb6bd
484	23338.1f228: Machine: 0x8664 - amd64
485	23338.1f228: Timestamp: 0x5e0eb6bd
486	23338.1f228: Image Version: 6.1
487	23338.1f228: SizeOfImage: 0x67000 (421888)
488	23338.1f228: Resource Dir: 0x65000 LB 0x538
489	23338.1f228: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
490	23338.1f228: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
491	23338.1f228: ProductName: Microsoft® Windows® Operating System
492	23338.1f228: ProductVersion: 6.1.7601.24545
493	23338.1f228: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
494	23338.1f228: FileDescription: Windows NT BASE API Client DLL
495	23338.1f228: \SystemRoot\System32\apisetschema.dll:
496	23338.1f228: CreationTime: 2020-01-14T21:20:21.327376600Z
497	23338.1f228: LastWriteTime: 2020-01-03T03:33:11.406000000Z
498	23338.1f228: ChangeTime: 2020-01-14T22:54:45.318775600Z
499	23338.1f228: FileAttributes: 0x20
500	23338.1f228: Size: 0x1c00
501	23338.1f228: NT Headers: 0xc0
502	23338.1f228: Timestamp: 0x5e0eb63f
503	23338.1f228: Machine: 0x8664 - amd64
504	23338.1f228: Timestamp: 0x5e0eb63f
505	23338.1f228: Image Version: 6.1
506	23338.1f228: SizeOfImage: 0x50000 (327680)
507	23338.1f228: Resource Dir: 0x30000 LB 0x408
508	23338.1f228: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
509	23338.1f228: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
510	23338.1f228: ProductName: Microsoft® Windows® Operating System
511	23338.1f228: ProductVersion: 6.1.7601.24545
512	23338.1f228: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
513	23338.1f228: FileDescription: ApiSet Schema DLL
514	23338.1f228: supR3HardenedWinFindAdversaries: 0x0
515	23338.1f228: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
516	23338.1f228: Calling main()
517	23338.1f228: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
518	23338.1f228: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
519	23338.1f228: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
520	23338.1f228: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
521	23338.1f228: SUPR3HardenedMain: Final process, opening VBoxDrv...
522	23338.1f228: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
523	23338.1f228: supR3HardNtEnableThreadCreationEx:
524	23338.1f228: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
525	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
526	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb281:<flags> [calling]
527	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
528	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef61c0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
529	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
530	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
531	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e8a01:<flags> [calling]
532	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
533	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
534	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e8a01:<flags> [calling]
535	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
536	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
537	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
538	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
539	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
540	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
541	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
542	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
543	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
544	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
545	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
546	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
547	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
548	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
549	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
550	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
551	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
552	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
553	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
554	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
555	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
556	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
557	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
558	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
559	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
560	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
561	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
562	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
563	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
564	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
565	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
566	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
567	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed091:<flags> [calling]
568	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
569	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
570	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
571	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feff080000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
572	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
573	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
574	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
575	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
576	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
577	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe180000 LB 0x0012c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
578	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
579	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\Wintrust.dll'
580	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
581	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
582	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed091:<flags> [calling]
583	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
584	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc5d0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
585	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
586	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5d0000 'C:\Windows\system32\bcrypt.dll'
587	23338.1f228: bcrypt.dll loaded at 000007fefc5d0000, BCryptOpenAlgorithmProvider at 000007fefc5d2460, preloading providers:
588	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
589	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
590	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
591	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
592	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
593	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
594	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
595	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
596	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
597	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
598	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
599	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
600	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
601	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
602	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
603	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
604	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
605	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
606	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
607	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed071:<flags> [calling]
608	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
609	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc520000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
610	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
611	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe660000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
612	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
613	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
614	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
615	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
616	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
617	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
618	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
619	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc520000 'C:\Windows\system32\bcryptprimitives.dll'
620	23338.1f228: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008de580)
621	23338.1f228: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008df440)
622	23338.1f228: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008df570)
623	23338.1f228: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008df790)
624	23338.1f228: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008df8c0)
625	23338.1f228: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008df9f0)
626	23338.1f228: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008dfc40)
627	23338.1f228: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008dfd70)
628	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
629	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
630	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
631	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
632	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
633	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
634	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
635	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
636	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecbe1:<flags> [calling]
637	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
638	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc410000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
639	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
640	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\CRYPTSP.dll'
641	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
642	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
643	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
644	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
645	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
646	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
647	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecb71:<flags> [calling]
648	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
649	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc110000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
650	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
651	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc110000 'C:\Windows\system32\rsaenh.dll'
652	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
653	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec401:<flags> [calling]
654	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
655	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
656	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
657	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec781:<flags> [calling]
658	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
659	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
660	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
661	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTBASE.dll'
662	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
663	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec1b1:<flags> [calling]
664	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
665	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
666	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecb41:<flags> [calling]
667	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\WINTRUST.DLL'
668	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
669	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ec971:<flags> [calling]
670	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CRYPT32.dll'
671	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
672	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
673	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
674	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
675	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
676	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
677	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
678	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
679	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
680	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
681	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec9c1:<flags> [calling]
682	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
683	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd330000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
684	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
685	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\imagehlp.dll'
686	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
687	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecb11:<flags> [calling]
688	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\CRYPTSP.dll'
689	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
690	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
691	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
692	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
693	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
694	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
695	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
696	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
697	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
698	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
699	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
700	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
701	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
702	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
703	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
704	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
705	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
706	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
707	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
708	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
709	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
710	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
711	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
712	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
713	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
714	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
715	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
716	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
717	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
718	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
719	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
720	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
721	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
722	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
723	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
724	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
725	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
726	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
727	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
728	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
729	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
730	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec641:<flags> [calling]
731	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
732	23338.1f228: supR3HardenedDllNotificationCallback: load 0000000077320000 LB 0x000fb000 C:\Windows\system32\USER32.dll [fFlags=0x0]
733	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
734	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefed50000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
735	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
736	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefefa0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
737	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
738	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feff190000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
739	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
740	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
741	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebb41:<flags> [calling]
742	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\gdi32.dll'
743	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
744	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
745	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
746	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
747	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
748	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
749	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
750	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
751	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
752	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
753	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
754	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
755	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
756	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
757	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
758	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
759	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
760	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
761	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
762	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
763	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
764	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
765	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
766	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
767	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
768	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
769	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
770	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
771	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
772	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
773	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
774	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb481:<flags> [calling]
775	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
776	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefefb0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
777	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
778	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe550000 LB 0x0010b000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
779	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
780	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefb0000 'C:\Windows\system32\IMM32.DLL'
781	23338.1f228: \Device\HarddiskVolume1\Windows\System32\nvinitx.dll: Owner is administrators group.
782	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
783	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
784	23338.1f228: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Windows\System32\nvinitx.dll)
785	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nvinitx.dll
786	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
787	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
788	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
789	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
790	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
791	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
792	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb091:<flags> [calling]
793	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
794	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x00040000 C:\Windows\system32\nvinitx.dll [fFlags=0x0]
795	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
796	23338.1f228: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
797	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
798	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
799	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea591:<flags> [calling]
800	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
801	23338.1f228: supR3HardenedDllNotificationCallback: load 000000000f000000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
802	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
803	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000000f000000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
804	23338.1f228: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll: Owner is administrators group.
805	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
806	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'detoured.dll'.
807	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
808	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
809	23338.1f228: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll)
810	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll
811	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
812	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
813	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
814	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
815	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
816	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
817	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
818	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
819	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
820	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll)
821	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
822	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
823	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
824	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
825	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
826	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
827	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
828	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
829	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
830	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
831	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
832	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
833	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
834	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
835	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)
836	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
837	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
838	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
839	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
840	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
841	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
842	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
843	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
844	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll)
845	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
846	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
847	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
848	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
849	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
850	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
851	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
852	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
853	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
854	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
855	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
856	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
857	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
858	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
859	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
860	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
861	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
862	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
863	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)
864	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
865	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
866	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
867	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
868	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
869	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
870	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
871	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
872	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
873	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
874	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
875	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
876	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
877	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
878	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
879	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
880	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
881	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
882	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
883	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
884	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
885	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
886	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
887	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
888	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
889	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
890	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
891	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
892	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ole32.dll)
893	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
894	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
895	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
896	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
897	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
898	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
899	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
900	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
901	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
902	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
903	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
904	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
905	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
906	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
907	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
908	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
909	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
910	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
911	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
912	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea591:<flags> [calling]
913	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll [lacks WinVerifyTrust]
914	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefa470000 LB 0x00056000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
915	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll [lacks WinVerifyTrust]
916	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
917	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
918	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcff0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
919	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
920	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe7c0000 LB 0x000db000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
921	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
922	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe2b0000 LB 0x001ff000 C:\Windows\system32\ole32.dll [fFlags=0x0]
923	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust]
924	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcfc0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
925	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [lacks WinVerifyTrust]
926	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
927	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001e96d1:<flags> [calling]
928	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
929	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa470000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
930	23338.1f228: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
931	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
932	23338.1f228: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
933	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
934	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
935	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
936	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
937	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea561:<flags> [calling]
938	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
939	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefa430000 LB 0x0003d000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
940	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
941	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
942	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\nvinitx.dll'
943	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077320000 'C:\Windows\system32\USER32.dll'
944	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
945	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
946	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
947	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
948	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
949	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
950	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
951	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
952	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
953	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
954	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
955	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
956	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
957	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
958	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec911:<flags> [calling]
959	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
960	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc600000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
961	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
962	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc600000 'C:\Windows\system32\ncrypt.dll'
963	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
964	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec701:<flags> [calling]
965	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5d0000 'C:\Windows\system32\bcrypt.dll'
966	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
967	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
968	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
969	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
970	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
971	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
972	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
973	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
974	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
975	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
976	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
977	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
978	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
979	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
980	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
981	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
982	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
983	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
984	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
985	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec091:<flags> [calling]
986	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
987	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x0001f000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
988	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
989	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
990	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
991	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\USERENV.dll'
992	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
993	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebdf1:<flags> [calling]
994	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
995	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
996	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec181:<flags> [calling]
997	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
998	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
999	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1000	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
1001	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
1002	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1003	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1004	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1005	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1006	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1007	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1008	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec3b1:<flags> [calling]
1009	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1010	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefb6c0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1011	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1012	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6c0000 'C:\Windows\system32\GPAPI.dll'
1013	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1014	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec301:<flags> [calling]
1015	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1016	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1017	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe180000 'C:\Windows\system32\rpcrt4.dll'
1018	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1019	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec2e1:<flags> [calling]
1020	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1021	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1022	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec2f1:<flags> [calling]
1023	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1024	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1025	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1026	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1027	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1028	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
1029	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1030	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1031	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1032	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1033	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
1034	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1035	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1036	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1037	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1038	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1039	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1040	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1041	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1042	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1043	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1044	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1045	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1046	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1047	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebdf1:<flags> [calling]
1048	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1049	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef95f0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1050	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1051	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feff120000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1052	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1053	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1054	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1055	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1056	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1057	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1058	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1059	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1060	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1061	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1062	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1063	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1064	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1065	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1066	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1067	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1068	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1069	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001eaff1:<flags> [calling]
1070	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1071	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1072	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1073	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1074	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1075	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1076	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1077	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1078	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1079	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1080	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1081	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1082	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1083	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95f0000 'C:\Windows\system32\cryptnet.dll'
1084	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1085	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001eb711:<flags> [calling]
1086	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1087	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1088	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb711:<flags> [calling]
1089	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf70000 'C:\Windows\system32\profapi.dll'
1090	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1091	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1092	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1093	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
1094	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1095	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1096	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1097	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1098	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1099	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1100	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1101	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1102	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1103	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1104	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb1a1:<flags> [calling]
1105	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1106	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefe740000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1107	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1108	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe740000 'C:\Windows\system32\SHLWAPI.dll'
1109	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1110	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ecb21:<flags> [calling]
1111	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1112	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1113	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000957000
1114	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1115	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8CD815F0CD05638A6894535B0372BF0C0378D10
1116	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1117	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec0d1:<flags> [calling]
1118	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1119	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1120	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebc31:<flags> [calling]
1121	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1122	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1123	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebc31:<flags> [calling]
1124	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1125	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1126	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec0d1:<flags> [calling]
1127	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
1128	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1129	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ec081:<flags> [calling]
1130	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1131	23338.1f228: supR3HardenedIsApiSetDll: '<NULL>' -> true
1132	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ebd71:<flags> [calling]
1133	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1134	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1135	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec5a1:<flags> [calling]
1136	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1137	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\SystemRoot\System32\ntdll.dll'
1138	23338.1f228: g_pfnWinVerifyTrust=000007fefd241010
1139	23338.1f228: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1140	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c4 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
1141	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1142	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1143	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB46C4F6B834DB9328784D5BE3326BD80E3042DA
1144	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1145	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb311:<flags> [calling]
1146	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1147	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1148	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1149	23338.1f228: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1150	23338.1f228: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1151	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000b8 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
1152	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1153	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1154	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1F7258EF71AF066FD00F9B71F0DE2B52FBACE45
1155	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1156	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb311:<flags> [calling]
1157	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1158	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1159	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1160	23338.1f228: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1161	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1162	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1163	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1164	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1165	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1166	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1167	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1168	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1169	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1170	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1171	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
1172	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1173	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1174	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1175	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1176	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1177	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1178	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1179	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4160C19B4AE8E9DA7E4CF6F902F681967E258DC
1180	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1181	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1182	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1183	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1184	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002b4 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
1185	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1186	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1187	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1188	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1189	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1190	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1191	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000220 pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
1192	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1193	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1194	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1195	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1196	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1197	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1198	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000021c pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
1199	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1200	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1201	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8128043E2DB517CE21AC6C645E17AA014BE6A2CB
1202	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1203	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1204	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1205	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1206	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000208 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1207	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1208	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1209	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9B60D8E91DE4B6BD8680A8EA9952E873AF643EE
1210	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1211	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1212	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1213	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1214	23338.1f228: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
1215	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000204 pwszName=\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
1216	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1217	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1218	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4AFCEDBD0386D5B6429C0FDF7498C1608DE17EC2
1219	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT'; file='\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
1220	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
1221	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
1222	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
1223	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1224	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1225	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41C849408ED6D9A5379745F72C06BA402FAFD6B4
1226	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1227	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1228	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1229	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1230	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
1231	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1232	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1233	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1234	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1235	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1236	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1237	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1238	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1239	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1240	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF3169AB12A33146DE2E4D9C648CB8C041F20136
1241	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1242	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1243	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1244	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1245	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
1246	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1247	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1248	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1249	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1250	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1251	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1252	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
1253	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1254	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1255	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1256	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1257	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1259	23338.1f228: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll'
1260	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll
1261	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1262	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1263	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=695ACD125CEFF9F81B4477D40E4F48230DA7575A
1264	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT'; file='\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll'
1265	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
1266	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\Nvd3d9wrapx.dll'
1267	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
1268	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1269	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1270	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F8698A026E11A08C881A657EBEF003ACEB45DEC
1271	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT'; file='\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'
1272	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'
1274	23338.1f228: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Windows\System32\nvinitx.dll'
1275	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume1\Windows\System32\nvinitx.dll
1276	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1277	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1278	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0D2EF1199F6922E255762832EFCD158CB488C63
1279	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT'; file='\Device\HarddiskVolume1\Windows\System32\nvinitx.dll'
1280	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
1281	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\nvinitx.dll'
1282	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
1283	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1284	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1285	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B282A2631D47B459D3BFB9E19817422A5BDA7C7
1286	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1287	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1288	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1289	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1290	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
1291	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1292	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1293	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1294	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1295	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1296	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1297	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
1298	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1299	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1300	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CCB7F806B584BC833CCB45233D3BC2338D720DD4
1301	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1302	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea981:<flags> [calling]
1303	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1304	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1305	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1306	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1307	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
1308	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1309	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1310	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2E1B84E3D9D8988B641F2EA9E2FAEF8CEEACAF0
1311	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1312	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1313	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1314	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1315	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
1316	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1317	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1318	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46C6553832B642058240BB0EC294D9684053FA28
1319	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1320	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1321	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1322	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1323	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
1324	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1325	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1326	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7A5A1283302E26EA13000CD81ADE080BA465337
1327	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1328	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
1329	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1330	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1331	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1332	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1333	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1334	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1335	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1336	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1337	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1338	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1339	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1340	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1341	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B00C47C46ED3B51BBFC3F8FE80751A96F25C3EA
1342	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1343	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1344	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1345	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1346	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
1347	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1348	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1349	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1350	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D212E5620D5CC7084245971F59495972AE15D84
1351	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1352	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1353	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1354	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1355	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
1356	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1357	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1358	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1359	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1360	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1361	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1362	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
1363	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1364	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1365	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD8EB2AA54C831F3AF5671C72D3359678F561895
1366	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1367	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1368	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1369	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1370	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
1371	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e8 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
1372	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1373	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1374	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=392B33B84600AC5ED0D2F6C5EC6F1E2AB7C64234
1375	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1376	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1377	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1378	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1379	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1380	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1381	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1382	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1383	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1384	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1385	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1386	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c0 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
1387	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1388	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1389	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1390	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1391	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1392	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1393	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000bc pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1394	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1395	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1396	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=487CAE399C22924A675FED14D1CB8898D92C81B9
1397	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1398	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1399	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1400	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1401	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1402	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1403	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1404	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1405	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D8459AE7ED3F113B897E375D67EA01B027C8E524
1406	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1407	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1408	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1409	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1410	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
1411	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1412	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1413	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F72682744C68FE06FC8B7C2643183184F472F3A1
1414	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1415	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1416	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1417	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1418	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1419	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1420	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1421	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1422	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1423	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1424	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1425	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1426	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1427	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1428	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1429	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1430	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1431	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1432	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1433	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1434	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1435	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1436	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1437	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1438	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1439	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1440	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1441	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1442	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1443	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1444	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1445	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1446	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1447	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1448	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1449	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1450	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
1451	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1452	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1453	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
1454	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1455	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
1456	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1457	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1458	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1459	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1460	23338.1f228: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1461	23338.1f228: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42
1462	23338.1f228: SUPR3HardenedMain: Load Runtime...
1463	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1464	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1465	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1466	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1467	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1468	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1469	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1470	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1471	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1472	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1473	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1474	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1475	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1476	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1477	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1478	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1479	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1480	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
1481	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1482	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1483	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1484	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1485	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1486	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1487	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1488	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1489	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1490	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1491	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1492	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1493	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1494	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1495	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1496	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1497	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1498	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
1499	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1500	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1501	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
1502	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1503	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1504	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1505	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
1506	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
1507	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1508	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1509	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1510	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1511	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebea1:<flags> [calling]
1512	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1513	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee1460000 LB 0x005ed000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1514	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1515	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1516	23338.1f228: supR3HardenedDllNotificationCallback: load 0000000056330000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1517	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1518	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1519	23338.1f228: supR3HardenedDllNotificationCallback: load 0000000056290000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1520	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1521	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefef50000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1522	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1523	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feff180000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1524	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
1525	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1526	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1527	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1528	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1529	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1530	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1531	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1532	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1533	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1534	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1535	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1536	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1537	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1538	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1539	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1540	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1541	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1542	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1543	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1544	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1545	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1546	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1547	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1548	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1549	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1550	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1551	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1552	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1553	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1554	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1555	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1556	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1557	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1558	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1559	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1560	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1561	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1562	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1563	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1564	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1565	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1566	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1567	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1568	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1569	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e9581:<flags> [calling]
1570	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1571	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1572	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1573	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1460000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1574	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1575	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eda01:<flags> [calling]
1576	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\Wintrust.dll'
1577	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1578	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1579	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1580	23338.1f228: SUPR3HardenedMain: Load TrustedMain...
1581	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1582	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
1583	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1584	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1585	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1586	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1587	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1588	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1589	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1590	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1591	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
1592	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
1593	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
1594	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
1595	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1596	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1597	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1598	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
1599	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1600	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1601	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1602	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1603	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1604	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1605	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1606	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
1607	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
1608	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1609	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1610	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1611	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1612	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1613	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1614	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1615	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1616	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1617	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1618	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1619	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1620	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1621	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1622	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1623	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1624	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1625	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1626	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1627	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1628	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1629	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1630	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1631	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1632	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1633	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1634	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1635	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1636	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1637	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1638	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1639	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1640	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1641	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1642	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1643	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1644	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1645	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1646	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1647	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1648	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1649	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1650	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1651	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1652	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1653	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1654	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1655	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1656	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1657	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1658	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1659	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1660	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1661	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1662	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1663	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1664	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1665	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1666	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
1667	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
1668	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1669	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
1670	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1671	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1672	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
1673	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1674	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1675	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
1676	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1677	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1678	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
1679	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\UICommon.dll
1680	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1681	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1682	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
1683	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1684	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1685	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1686	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1687	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1688	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1689	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1690	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1691	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1692	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1693	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1694	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
1695	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1696	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1697	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1698	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1699	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1700	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
1701	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1702	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1703	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1704	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1705	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1706	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1707	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1708	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1709	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1710	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1711	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1712	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
1713	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1714	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1715	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1716	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
1717	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1718	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1719	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1720	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1721	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1722	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1723	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1724	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1725	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
1726	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
1727	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1728	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1729	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1730	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1731	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1732	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1733	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1734	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1735	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1736	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1737	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1738	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1739	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1740	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1741	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1742	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1743	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1744	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1745	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1746	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1747	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1748	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1749	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1750	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1751	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1752	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1753	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1754	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1755	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1756	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1757	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1758	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1759	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1760	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1761	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1762	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1763	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1764	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1765	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1766	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1767	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1768	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1769	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume1\Windows\System32\mpr.dll
1770	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1771	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1772	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1773	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\mpr.dll'
1774	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1775	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) WinVerifyTrust
1776	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
1777	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1778	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1779	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1780	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1781	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1782	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1783	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1784	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1785	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1786	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1787	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
1788	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1789	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1790	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F0FD5A01ADEE7CE965956E4165CC96F02202139
1791	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1792	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1793	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1794	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1795	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1796	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1797	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1798	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1799	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1800	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1801	23338.1f228: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
1802	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1803	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1804	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1805	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)
1806	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1807	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1808	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1809	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
1810	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1811	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1812	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1813	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1814	23338.1f228: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
1815	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1816	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1817	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1818	23338.1f228: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll)
1819	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
1820	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1821	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1822	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1823	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1824	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1825	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1826	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1827	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1828	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1829	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1830	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1831	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1832	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1833	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1834	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1835	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1836	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e94e1:<flags> [calling]
1837	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1838	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1839	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1840	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1841	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1842	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1843	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1844	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
1845	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
1846	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1847	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1848	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1849	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1850	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1851	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1852	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1853	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1854	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1855	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1856	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1857	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1858	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1859	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1860	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1861	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1862	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1863	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1864	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1865	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1866	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1867	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1868	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1869	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1870	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1871	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1872	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1873	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1874	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1875	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1876	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1877	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1878	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1879	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1880	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1881	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1882	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1883	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1884	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1885	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1886	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1887	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1888	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1889	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1890	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1891	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1892	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1893	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1894	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1895	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1896	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1897	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1898	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1899	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1900	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1901	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1902	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1903	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1904	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1905	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1906	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1907	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1908	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1909	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1910	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1911	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebeb1:<flags> [calling]
1912	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1913	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee1110000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
1914	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
1915	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1916	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee2700000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1917	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1918	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
1919	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef0330000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1920	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
1921	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1922	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feee420000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1923	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1924	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1925	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feee410000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1926	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1927	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1928	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1929	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1930	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\UICommon.dll
1931	23338.1f228: supR3HardenedDllNotificationCallback: load 000007feb3090000 LB 0x02614000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
1932	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\UICommon.dll
1933	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1934	23338.1f228: supR3HardenedDllNotificationCallback: load 00000000543c0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1935	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1936	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefd370000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1937	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1938	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
1939	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef9660000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1940	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
1941	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1942	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee0830000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1943	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1944	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1945	23338.1f228: supR3HardenedDllNotificationCallback: load 00000000645a0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1946	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1947	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1948	23338.1f228: supR3HardenedDllNotificationCallback: load 0000000056fa0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1949	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1950	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
1951	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefa3f0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1952	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
1953	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
1954	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
1955	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
1956	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rescheduled]
1957	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.DLL'
1958	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
1959	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
1960	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
1961	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rescheduled]
1962	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
1963	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
1964	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
1965	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rescheduled]
1966	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1967	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1968	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\cryptbase.dll'
1969	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
1970	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
1971	23338.1f228: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
1972	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rescheduled]
1973	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1110000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
1974	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
1975	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1976	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1977	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06E87E8BC22B9124778A2BDA6472CAFE3F12B2CA
1978	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
1979	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
1980	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1981	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
1982	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1983	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
1984	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
1985	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1986	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1987	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1988	23338.1f228: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1989	23338.1f228: SUPR3HardenedMain: Calling TrustedMain (000007fee11116c0)...
1990	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1991	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed761:<flags> [calling]
1992	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
1993	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
1994	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
1995	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ebe41:<flags> [calling]
1996	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf70000 'C:\Windows\system32\profapi.dll'
1997	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1998	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1999	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2000	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2001	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2002	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2003	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2004	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2005	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2006	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2007	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2008	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2009	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2010	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2011	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2012	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2013	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2014	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2015	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2016	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2017	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2018	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2019	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2020	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2021	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2022	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2023	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2024	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2025	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2026	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2027	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2028	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2029	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2030	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2031	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
2032	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2033	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2034	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2035	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2036	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2037	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2038	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2039	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee131:<flags> [calling]
2040	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2041	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee21d0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2042	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2043	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee21d0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2044	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
2045	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee061:<flags> [calling]
2046	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTBASE.dll'
2047	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000548 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2048	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2049	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2050	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2051	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
2052	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2053	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2054	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2055	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2056	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
2057	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2058	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2059	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2060	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2061	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2062	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2063	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2064	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001edac1:<flags> [calling]
2065	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2066	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefc700000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2067	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2068	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\uxtheme.dll'
2069	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2070	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed501:<flags> [calling]
2071	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\uxtheme.dll'
2072	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2073	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed271:<flags> [calling]
2074	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\uxtheme.dll'
2075	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2076	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed271:<flags> [calling]
2077	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\uxtheme.dll'
2078	23338.1f228: \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll: Owner is administrators group.
2079	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
2080	23338.1f228: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll) WinVerifyTrust
2081	23338.1f228: Error (rc=0):
2082	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2083	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2084	23338.1f228: Error (rc=0):
2085	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2086	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2087	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077320000 'C:\Windows\system32\user32.dll'
2088	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2089	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee371:<flags> [calling]
2090	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
2091	23338.1f228: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2092	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
2093	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2094	23338.1f228: Error (rc=0):
2095	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2096	23338.1f228: Error (rc=0):
2097	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2098	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2099	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2100	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ed9a1:<flags> [calling]
2101	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca60000 'C:\Windows\system32\dwmapi.dll'
2102	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2103	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee791:<flags> [calling]
2104	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
2105	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2106	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee791:<flags> [calling]
2107	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
2108	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2109	23338.1f228: Error (rc=0):
2110	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2111	23338.1f228: Error (rc=0):
2112	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2113	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2114	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2115	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea71:<flags> [calling]
2116	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
2117	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2118	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea41:<flags> [calling]
2119	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc700000 'C:\Windows\system32\uxtheme.dll'
2120	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\advapi32.dll'
2121	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
2122	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ee9a1:<flags> [calling]
2123	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\userenv.dll'
2124	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2125	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eea81:<flags> [calling]
2126	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077200000 'C:\Windows\system32\kernel32.dll'
2127	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
2128	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2129	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2130	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2131	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2132	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
2133	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2134	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2135	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2136	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2137	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2138	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2139	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2140	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
2141	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2142	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2143	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2145	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2146	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2147	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2148	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2149	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
2150	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2151	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2152	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2153	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2154	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2155	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2156	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2157	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ec7a1:<flags> [calling]
2158	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2159	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefefe0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2160	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2161	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefe0000 'C:\Windows\system32\CLBCatQ.DLL'
2162	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
2163	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb5f1:<flags> [calling]
2164	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc410000 'C:\Windows\system32\CRYPTSP.dll'
2165	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ac pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2166	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2167	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2168	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2169	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
2170	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2171	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2172	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2173	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2174	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2175	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2176	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001eb1b1:<flags> [calling]
2177	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2178	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fefce80000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2179	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2180	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce80000 'C:\Windows\system32\RpcRtRemote.dll'
2181	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2182	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2183	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2184	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2185	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2186	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2187	23338.20418: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2188	23338.20418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2189	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2190	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2191	23338.20418: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2192	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2193	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2194	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2195	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2196	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2197	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2198	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2199	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2200	23338.20418: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
2201	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2202	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2203	23338.20418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052dea31:<flags> [calling]
2204	23338.20418: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2205	23338.20418: supR3HardenedDllNotificationCallback: load 000007fee0480000 LB 0x003b0000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2206	23338.20418: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2207	23338.20418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0480000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2208	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2209	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2210	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2211	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2212	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2213	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2214	23338.20418: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2215	23338.20418: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2216	23338.20418: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2217	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2218	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2219	23338.20418: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
2220	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2221	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2222	23338.20418: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2223	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2224	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2225	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2226	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2227	23338.20418: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2228	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2229	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2230	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2231	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2232	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2233	23338.20418: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2234	23338.20418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052dd461:<flags> [calling]
2235	23338.20418: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2236	23338.20418: supR3HardenedDllNotificationCallback: load 000007fee20e0000 LB 0x000ed000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2237	23338.20418: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2238	23338.20418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee20e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2239	23338.20418: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2240	23338.20418: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052dd2f1:<flags> [calling]
2241	23338.20418: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7c0000 'C:\Windows\system32\oleaut32.dll'
2242	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
2243	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\gdi32.dll'
2244	23338.1dd68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2245	23338.1dd68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2246	23338.1dd68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
2247	23338.1dd68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2248	23338.1dd68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2249	23338.1dd68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2250	23338.1dd68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2251	23338.1dd68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2252	23338.1dd68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004e0a431:<flags> [calling]
2253	23338.1dd68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2254	23338.1dd68: supR3HardenedDllNotificationCallback: load 000007fef4cd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
2255	23338.1dd68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
2256	23338.1dd68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4cd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
2257	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2258	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ea4f1:<flags> [calling]
2259	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
2260	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2261	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2262	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2263	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2264	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2265	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2266	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2267	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2268	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e8d01:<flags> [calling]
2269	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2270	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fee0100000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2271	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2272	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0100000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2273	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2274	23338.1f228: Error (rc=0):
2275	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2276	23338.1f228: Error (rc=0):
2277	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2278	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2279	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2280	23338.1f228: Error (rc=0):
2281	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2282	23338.1f228: Error (rc=0):
2283	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2284	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2285	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2286	23338.1f228: Error (rc=0):
2287	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2288	23338.1f228: Error (rc=0):
2289	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2290	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2291	23338.1f228: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010c (CERT_E_REVOKED) on '\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll'
2292	23338.1f228: supHardenedWinVerifyImageByHandle: -> -22919 (\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll) WinVerifyTrust
2293	23338.1f228: Error (rc=0):
2294	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll: WinVerifyTrust failed with hrc=CERT_E_REVOKED on '\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll'
2295	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2296	23338.1f228: Error (rc=0):
2297	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
2298	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
2299	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2300	23338.1f228: Error (rc=0):
2301	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2302	23338.1f228: Error (rc=0):
2303	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2304	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2305	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2306	23338.1f228: Error (rc=0):
2307	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2308	23338.1f228: Error (rc=0):
2309	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2310	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2311	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2312	23338.1f228: Error (rc=0):
2313	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2314	23338.1f228: Error (rc=0):
2315	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2316	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2317	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2318	23338.1f228: Error (rc=0):
2319	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2320	23338.1f228: Error (rc=0):
2321	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
2322	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
2323	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2324	23338.1f228: Error (rc=0):
2325	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2326	23338.1f228: Error (rc=0):
2327	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
2328	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
2329	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
2330	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2331	23338.1f228: Error (rc=0):
2332	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2333	23338.1f228: Error (rc=0):
2334	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
2335	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
2336	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2337	23338.1f228: Error (rc=0):
2338	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
2339	23338.1f228: Error (rc=0):
2340	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
2341	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
2342	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
2343	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
2344	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7c0000 'C:\Windows\system32\OLEAUT32.dll'
2345	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008bc pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2346	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2347	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2348	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2349	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
2350	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2351	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2352	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2353	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2354	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2355	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2356	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2357	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2358	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2359	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2360	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2361	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2362	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2363	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2364	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2365	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2366	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2367	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2368	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2369	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2370	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008c0 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2371	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2372	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2373	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2374	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
2375	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2376	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2377	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2378	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2379	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2380	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2381	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
2382	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2383	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2384	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2385	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2386	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2387	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2388	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2389	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2390	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2391	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2392	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2393	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2394	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2395	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2396	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
2397	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e6701:<flags> [calling]
2398	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2399	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef81f0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2400	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2401	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2402	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef8410000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2403	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2404	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef81f0000 'C:\Windows\system32\wbem\wbemprox.dll'
2405	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2406	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2407	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2408	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2409	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
2410	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2411	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2412	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2413	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2414	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2415	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2416	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2417	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2418	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2419	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e6301:<flags> [calling]
2420	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2421	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef7ce0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2422	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2423	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7ce0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2424	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e8 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2425	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2426	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2427	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2428	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
2429	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2430	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2431	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2432	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2433	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2434	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2435	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2436	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2437	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2438	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2439	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2440	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008c8 pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2441	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2442	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2443	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2444	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
2445	23338.1f228: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2446	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2447	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2448	23338.1f228: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2449	23338.1f228: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
2450	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2451	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2452	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2453	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2454	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2455	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2456	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2457	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2458	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2459	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2460	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2461	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2462	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2463	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2464	23338.1f228: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2465	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2466	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2467	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2468	23338.1f228: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2469	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e6361:<flags> [calling]
2470	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2471	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef82c0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2472	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2473	23338.1f228: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2474	23338.1f228: supR3HardenedDllNotificationCallback: load 000007fef8250000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2475	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2476	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82c0000 'C:\Windows\system32\wbem\fastprox.dll'
2477	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7c0000 'C:\Windows\system32\OLEAUT32.dll'
2478	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
2479	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2480	23338.1f228: Error (rc=0):
2481	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
2482	23338.1f228: Error (rc=0):
2483	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
2484	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
2485	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2486	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2487	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2488	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2489	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\netcfgx.dll'
2490	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2491	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2492	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2493	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2494	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2495	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2496	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2497	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2498	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2499	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\netcfgx.dll) WinVerifyTrust
2500	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2501	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2502	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2503	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e0 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2504	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2505	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2506	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2507	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
2508	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2509	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2510	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2511	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2512	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2513	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2514	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2515	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2516	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2517	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2518	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2519	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2520	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2521	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2522	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2523	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2524	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2525	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2526	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2527	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2528	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2529	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2530	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2531	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2532	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2533	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2534	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2535	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2536	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c8 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
2537	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2538	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2539	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
2540	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
2541	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
2542	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2543	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2544	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2545	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2546	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
2547	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2548	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2549	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2550	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2551	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2552	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2553	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2554	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2555	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2556	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2557	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2558	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2559	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2560	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41bb71:<flags> [calling]
2561	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2562	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef7f80000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2563	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2564	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2565	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefa4f0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2566	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2567	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2568	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefa4e0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2569	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2570	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7f80000 'C:\Windows\system32\netcfgx.dll'
2571	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2572	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d371:<flags> [calling]
2573	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\Windows\system32\SETUPAPI.dll'
2574	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2575	23338.7858: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll)
2576	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll
2577	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefb6e0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2578	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2579	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a2c pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll
2580	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2581	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2582	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2583	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
2584	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2585	23338.7858: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
2586	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
2587	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2588	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2589	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d111:<flags> [calling]
2590	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\WINTRUST.dll'
2591	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2592	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e5cc1:<flags> [calling]
2593	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\WINMM.dll'
2594	23338.20e18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2595	23338.20e18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2596	23338.20e18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2597	23338.20e18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2598	23338.20e18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2599	23338.20e18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2600	23338.20e18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2601	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2602	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2603	23338.20e18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
2604	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2605	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2606	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2607	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2608	23338.20e18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2609	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2610	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2611	23338.20e18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
2612	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2613	23338.20e18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2614	23338.20e18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e1ddb01:<flags> [calling]
2615	23338.20e18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2616	23338.20e18: supR3HardenedDllNotificationCallback: load 000007fef3160000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2617	23338.20e18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2618	23338.20e18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3160000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2619	23338.1e71c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2620	23338.1e71c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2621	23338.1e71c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2622	23338.1e71c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2623	23338.1e71c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2624	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2625	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2626	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2627	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2628	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2629	23338.1e71c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2630	23338.1e71c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
2631	23338.1e71c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e35d8b1:<flags> [calling]
2632	23338.1e71c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2633	23338.1e71c: supR3HardenedDllNotificationCallback: load 000007fef2e20000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2634	23338.1e71c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2635	23338.1e71c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2e20000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2636	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2637	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41a401:<flags> [calling]
2638	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\Shell32.dll'
2639	23338.7858: supR3HardenedIsApiSetDll: '<NULL>' -> true
2640	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000d419501:<flags> [calling]
2641	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2642	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2643	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41b831:<flags> [calling]
2644	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0100000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2645	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2646	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2647	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2648	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2649	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2650	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2651	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2652	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2653	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2654	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2655	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2656	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2657	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2658	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2659	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2660	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2661	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2662	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41c9e1:<flags> [calling]
2663	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2664	23338.7858: supR3HardenedDllNotificationCallback: load 000007fee33c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2665	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2666	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee33c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2667	23338.7858: supR3HardenedDllNotificationCallback: Unload 000007fee33c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2668	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2669	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2670	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2671	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2672	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2673	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2674	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2675	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2676	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2677	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2678	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2679	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2680	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2681	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2682	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2683	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2684	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2685	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2686	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2687	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2688	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2689	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2690	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2691	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2692	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2693	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2694	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2695	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2696	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2697	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2698	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2699	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2700	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2701	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2702	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2703	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2704	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2705	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2706	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2707	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2708	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2709	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2710	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2711	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2712	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2713	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2714	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2715	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2716	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2717	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2718	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2719	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2720	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2721	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2722	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2723	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2724	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2725	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2726	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2727	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2728	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2729	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2730	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dbf1:<flags> [calling]
2731	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2732	23338.7858: supR3HardenedDllNotificationCallback: load 000007fedd8d0000 LB 0x009e4000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2733	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2734	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2735	23338.7858: supR3HardenedDllNotificationCallback: load 000007fee2070000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2736	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2737	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2738	23338.7858: supR3HardenedDllNotificationCallback: load 000007fede450000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2739	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2740	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2741	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2742	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dbf1:<flags> [calling]
2743	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2744	23338.7858: supR3HardenedDllNotificationCallback: load 000007fee33c0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2745	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2746	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee33c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2747	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2748	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dbf1:<flags> [calling]
2749	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0480000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2750	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2751	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da51:<flags> [calling]
2752	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede450000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2753	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2754	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2755	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2756	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2757	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2758	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2759	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2760	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2761	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da51:<flags> [calling]
2762	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2763	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef1300000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2764	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2765	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2766	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2767	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2768	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2769	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2770	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2771	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2772	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2773	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2774	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da51:<flags> [calling]
2775	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2776	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef0750000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2777	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2778	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0750000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2779	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2780	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2781	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2782	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2783	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2784	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2785	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2786	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2787	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da51:<flags> [calling]
2788	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2789	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef0370000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2790	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2791	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0370000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2792	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2793	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2794	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2795	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2796	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2797	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2798	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2799	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2800	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da51:<flags> [calling]
2801	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2802	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef01b0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2803	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2804	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef01b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2805	23338.23378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2806	23338.23378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2807	23338.23378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2808	23338.23378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2809	23338.23378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2810	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2811	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2812	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2813	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2814	23338.23378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2815	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2816	23338.23378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2817	23338.23378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000097cd8b1:<flags> [calling]
2818	23338.23378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2819	23338.23378: supR3HardenedDllNotificationCallback: load 000007feefe20000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2820	23338.23378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2821	23338.23378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefe20000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2822	23338.21634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2823	23338.21634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2824	23338.21634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
2825	23338.21634: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2826	23338.21634: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2827	23338.21634: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2828	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2829	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2830	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2831	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2832	23338.21634: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2833	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2834	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2835	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2836	23338.21634: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2837	23338.21634: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000996db61:<flags> [calling]
2838	23338.21634: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2839	23338.21634: supR3HardenedDllNotificationCallback: load 000007fef12d0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2840	23338.21634: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2841	23338.21634: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef12d0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2842	23338.1b798: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2843	23338.1b798: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2844	23338.1b798: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2845	23338.1b798: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2846	23338.1b798: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2847	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2848	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2849	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2850	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2851	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2852	23338.1b798: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2853	23338.1b798: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009c1d7f1:<flags> [calling]
2854	23338.1b798: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2855	23338.1b798: supR3HardenedDllNotificationCallback: load 000007fef1060000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2856	23338.1b798: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2857	23338.1b798: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1060000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2858	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2859	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2860	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2861	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2862	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2863	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2864	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2865	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2866	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41f1e1:<flags> [calling]
2867	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2868	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef6210000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2869	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2870	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6210000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2871	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf4 pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2872	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2873	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2874	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2875	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll'
2876	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2877	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2878	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2879	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2880	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2881	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2882	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2883	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2884	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2885	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf8 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll
2886	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2887	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2888	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2889	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll'
2890	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2891	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2892	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2893	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2894	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2895	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2896	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
2897	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
2898	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2899	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2900	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2901	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2902	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2903	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2904	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2905	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2906	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2907	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2908	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2909	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2910	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2911	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2912	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2913	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2914	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2915	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d8e1:<flags> [calling]
2916	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2917	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefb1f0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2918	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2919	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
2920	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefb0c0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2921	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
2922	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe660000 'C:\Windows\system32\ADVAPI32.dll'
2923	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb1f0000 'C:\Windows\System32\MMDevApi.dll'
2924	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
2925	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2926	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dc11:<flags> [calling]
2927	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\Windows\system32\SETUPAPI.dll'
2928	23338.23014: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2929	23338.23014: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a7af401:<flags> [calling]
2930	23338.23014: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcff0000 'C:\Windows\system32\CFGMGR32.dll'
2931	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d48 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
2932	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2933	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2934	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2935	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
2936	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2937	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2938	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2939	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2940	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2941	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2942	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2943	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
2944	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
2945	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2946	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2947	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d4c pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll
2948	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2949	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
2950	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2951	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll'
2952	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2953	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2954	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2955	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2956	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
2957	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2958	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2959	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2960	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2961	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2962	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2963	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2964	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2965	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2966	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2967	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2968	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2969	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2970	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2971	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2972	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2973	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2974	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2975	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2976	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41da11:<flags> [calling]
2977	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2978	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef1780000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2979	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2980	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2981	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefb610000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2982	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2983	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2984	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41cd51:<flags> [calling]
2985	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1780000 'C:\Windows\System32\dsound.dll'
2986	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1780000 'C:\Windows\System32\dsound.dll'
2987	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2988	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41db11:<flags> [calling]
2989	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1780000 'C:\Windows\system32\dsound.dll'
2990	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2991	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e711:<flags> [calling]
2992	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe740000 'C:\Windows\system32\SHLWAPI.dll'
2993	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2994	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e931:<flags> [calling]
2995	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb1f0000 'C:\Windows\system32\MMDEVAPI.DLL'
2996	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
2997	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d80 pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll
2998	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
2999	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3000	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DEC7EC10FABD9D64EA15E6F9C426B2BBBC4DFEED
3001	23338.6250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\crypt32.dll'
3002	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_242_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll'
3003	23338.6250: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3004	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3005	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3006	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3007	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3008	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3009	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3010	23338.6250: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3011	23338.6250: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
3012	23338.6250: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3013	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3014	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3015	23338.6250: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3016	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3017	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3018	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3019	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3020	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3021	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3022	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3023	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3024	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3025	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3026	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3027	23338.6250: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3028	23338.6250: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b74f4e1:<flags> [calling]
3029	23338.6250: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3030	23338.6250: supR3HardenedDllNotificationCallback: load 000007fef8c70000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
3031	23338.6250: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3032	23338.6250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c70000 'C:\Windows\system32\AUDIOSES.DLL'
3033	23338.6250: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7c0000 'C:\Windows\system32\OLEAUT32.dll'
3034	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3035	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e561:<flags> [calling]
3036	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3037	23338.7858: supR3HardenedIsApiSetDll: '<NULL>' -> true
3038	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000d41e3c1:<flags> [calling]
3039	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-Management-L1-1-0.dll'
3040	23338.7858: supR3HardenedIsApiSetDll: '<NULL>' -> true
3041	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000d41e3c1:<flags> [calling]
3042	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
3043	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe180000 'C:\Windows\system32\RPCRT4.dll'
3044	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3045	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e421:<flags> [calling]
3046	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb1f0000 'C:\Windows\system32\MMDevAPI.DLL'
3047	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d5c pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3048	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3049	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3050	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
3051	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
3052	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3053	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3054	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3055	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3056	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3057	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3058	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
3059	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3060	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
3061	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
3062	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3063	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3064	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3065	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d88 pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll
3066	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3067	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3068	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
3069	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll'
3070	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3071	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
3072	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
3073	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3074	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3075	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3076	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3077	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3078	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll
3079	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3080	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3081	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
3082	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll'
3083	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3084	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3085	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
3086	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3087	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3088	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3089	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3090	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3091	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3092	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3093	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3094	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3095	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3096	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3097	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3098	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3099	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41df91:<flags> [calling]
3100	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3101	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef37f0000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
3102	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3103	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3104	23338.7858: supR3HardenedDllNotificationCallback: load 000000006f2f0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
3105	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3106	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3107	23338.7858: supR3HardenedDllNotificationCallback: load 000007fefb0b0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
3108	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3109	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3110	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3111	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41df91:<flags> [calling]
3112	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3113	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3114	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e141:<flags> [calling]
3115	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3116	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3117	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e141:<flags> [calling]
3118	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3119	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3120	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e141:<flags> [calling]
3121	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3122	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3123	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e141:<flags> [calling]
3124	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3125	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3126	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e141:<flags> [calling]
3127	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3128	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3129	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3130	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3131	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\Windows\system32\wdmaud.drv'
3132	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
3133	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3134	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3135	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3136	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
3137	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3138	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3139	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3140	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3141	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3142	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3143	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
3144	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3145	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3146	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3147	23338.7858: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3148	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3149	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3150	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d94 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll
3151	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3152	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3153	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3154	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll'
3155	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3156	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3157	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3158	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3159	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3160	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3161	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
3162	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3163	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3164	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3165	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3166	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3167	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3168	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3169	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3170	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3171	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3172	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3173	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3174	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3175	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3176	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3177	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3178	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3179	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41df41:<flags> [calling]
3180	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3181	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef61d0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3182	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3183	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3184	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef37d0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
3185	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3186	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3187	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3188	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3189	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3190	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3191	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3192	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3193	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3194	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3195	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3196	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3197	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3198	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3199	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3200	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3201	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3202	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3203	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d941:<flags> [calling]
3204	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3205	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3206	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3207	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef61d0000 'C:\Windows\system32\msacm32.drv'
3208	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dbc pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
3209	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000957000
3210	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000957000
3211	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3212	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
3213	23338.7858: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3214	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3215	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3216	23338.7858: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3217	23338.7858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
3218	23338.7858: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
3219	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3220	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3221	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3222	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3223	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3224	23338.7858: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3225	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41df41:<flags> [calling]
3226	23338.7858: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3227	23338.7858: supR3HardenedDllNotificationCallback: load 000007fef37c0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3228	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3229	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37c0000 'C:\Windows\system32\midimap.dll'
3230	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3231	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d911:<flags> [calling]
3232	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37c0000 'C:\Windows\system32\midimap.dll'
3233	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3234	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41d911:<flags> [calling]
3235	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37c0000 'C:\Windows\system32\midimap.dll'
3236	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3237	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41df41:<flags> [calling]
3238	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37c0000 'C:\Windows\system32\midimap.dll'
3239	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3240	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3241	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3242	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2b0000 'C:\Windows\system32\ole32.dll'
3243	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3244	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41e561:<flags> [calling]
3245	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3246	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3247	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3248	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3249	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3250	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3251	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3252	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3253	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3254	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dae1:<flags> [calling]
3255	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1780000 'C:\Windows\system32\dsound.dll'
3256	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3257	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3258	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3259	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3260	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3261	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3262	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3263	23338.1f228: Error (rc=0):
3264	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3265	23338.1f228: Error (rc=0):
3266	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3267	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3268	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3269	23338.1f228: Error (rc=0):
3270	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3271	23338.1f228: Error (rc=0):
3272	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3273	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3274	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3275	23338.1f228: Error (rc=0):
3276	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3277	23338.1f228: Error (rc=0):
3278	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3279	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3280	23338.20e18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077320000 'C:\Windows\system32\User32.dll'
3281	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3282	23338.1f228: Error (rc=0):
3283	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3284	23338.1f228: Error (rc=0):
3285	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3286	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3287	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3288	23338.1f228: Error (rc=0):
3289	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3290	23338.1f228: Error (rc=0):
3291	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3292	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3293	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3294	23338.1f228: Error (rc=0):
3295	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3296	23338.1f228: Error (rc=0):
3297	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3298	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3299	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3300	23338.1f228: Error (rc=0):
3301	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3302	23338.1f228: Error (rc=0):
3303	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3304	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3305	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3306	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41cc01:<flags> [calling]
3307	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1780000 'C:\Windows\system32\dsound.dll'
3308	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3309	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3310	23338.7858: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3311	23338.7858: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d41dd21:<flags> [calling]
3312	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3313	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3314	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3315	23338.7858: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\Windows\system32\winmm.dll'
3316	23338.172b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3317	23338.172b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d1fd151:<flags> [calling]
3318	23338.172b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c70000 'C:\Windows\System32\audioses.dll'
3319	23338.13e00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3320	23338.13e00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000005623f881:<flags> [calling]
3321	23338.13e00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\avrt.dll'
3322	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3323	23338.1f228: Error (rc=0):
3324	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3325	23338.1f228: Error (rc=0):
3326	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3327	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3328	23338.1f228: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010c (CERT_E_REVOKED) on '\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll'
3329	23338.1f228: supHardenedWinVerifyImageByHandle: -> -22919 (\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll) WinVerifyTrust
3330	23338.1f228: Error (rc=0):
3331	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll: WinVerifyTrust failed with hrc=CERT_E_REVOKED on '\Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll'
3332	23338.1f228: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3333	23338.1f228: Error (rc=0):
3334	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3335	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3336	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3337	23338.1f228: Error (rc=0):
3338	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3339	23338.1f228: Error (rc=0):
3340	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3341	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3342	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3343	23338.1f228: Error (rc=0):
3344	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3345	23338.1f228: Error (rc=0):
3346	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3347	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3348	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3349	23338.1f228: Error (rc=0):
3350	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3351	23338.1f228: Error (rc=0):
3352	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3353	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3354	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3355	23338.1f228: Error (rc=0):
3356	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3357	23338.1f228: Error (rc=0):
3358	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3359	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3360	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3361	23338.1f228: Error (rc=0):
3362	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3363	23338.1f228: Error (rc=0):
3364	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3365	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3366	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3367	23338.1f228: Error (rc=0):
3368	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3369	23338.1f228: Error (rc=0):
3370	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3371	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3372	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3373	23338.1f228: Error (rc=0):
3374	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3375	23338.1f228: Error (rc=0):
3376	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3377	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3378	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3379	23338.1f228: Error (rc=0):
3380	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3381	23338.1f228: Error (rc=0):
3382	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3383	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3384	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3385	23338.1f228: Error (rc=0):
3386	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3387	23338.1f228: Error (rc=0):
3388	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3389	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3390	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3391	23338.1f228: Error (rc=0):
3392	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2048 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3393	23338.1f228: Error (rc=0):
3394	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3395	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'
3396	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3397	23338.1f228: Error (rc=0):
3398	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3399	23338.1f228: Error (rc=0):
3400	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3401	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3402	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3403	23338.1f228: Error (rc=0):
3404	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
3405	23338.1f228: Error (rc=0):
3406	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll): rcNt=0xc0000190
3407	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll'
3408	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
3409	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e90d1:<flags> [calling]
3410	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3411	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3412	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3413	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3414	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3415	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3416	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3417	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3418	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
3419	23338.1f228: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001e90d1:<flags> [calling]
3420	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3421	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3422	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3423	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3424	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3425	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3426	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3427	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3428	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3429	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3430	23338.1f228: Error (rc=0):
3431	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
3432	23338.1f228: Error (rc=0):
3433	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll' (C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
3434	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\ThinkPad\Bluetooth Software\btmmhook.dll'
3435	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3436	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd370000 'C:\Windows\system32\shell32.dll'
3437	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -23021 (0xffffa613)) on \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3438	23338.1f228: Error (rc=0):
3439	23338.1f228: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4096 \Device\HarddiskVolume1\Program Files (x86)\Dexpot\hooxpot64.dll
3440	23338.1f228: Error (rc=0):
3441	23338.1f228: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Dexpot\hooxpot64.dll' (C:\Program Files (x86)\Dexpot\hooxpot64.dll): rcNt=0xc0000190
3442	23338.1f228: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Dexpot\hooxpot64.dll'

Download in other formats:

Original Format