| 1 | e54.10c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
|
|---|
| 2 | e54.10c: Calling main()
|
|---|
| 3 | e54.10c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 4 | e54.10c: SUPR3HardenedMain: Respawn #1
|
|---|
| 5 | e54.10c: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 6 | e54.10c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 7 | e54.10c: ProgDir: \Device\HarddiskVolume2\Program Files
|
|---|
| 8 | e54.10c: ComDir: \Device\HarddiskVolume2\Program Files\Common Files
|
|---|
| 9 | e54.10c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86)
|
|---|
| 10 | e54.10c: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files
|
|---|
| 11 | e54.10c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 12 | e54.10c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 13 | e54.10c: supR3HardNtEnableThreadCreation:
|
|---|
| 14 | e54.10c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360
|
|---|
| 15 | e54.10c: supR3HardenedWinDoReSpawn(1): New child 1900.1b10 [kernel32].
|
|---|
| 16 | e54.10c: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd9000 cbPeb=0x380
|
|---|
| 17 | e54.10c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000
|
|---|
| 18 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=000000007776bfa0 uNtTerminateThread=0000000077791360
|
|---|
| 19 | e54.10c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360
|
|---|
| 20 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
|
|---|
| 21 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000002e0000 LB 0x1ab000
|
|---|
| 22 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
|
|---|
| 23 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000077520000 LB 0x11f000
|
|---|
| 24 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
|
|---|
| 25 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdee0000 LB 0x6b000
|
|---|
| 26 | e54.10c: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 15 ms
|
|---|
| 27 | e54.10c: supR3HardNtEnableThreadCreation:
|
|---|
| 28 | e54.10c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 64 | e54.10c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 65 | e54.10c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 66 | e54.10c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 67 | e54.10c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
|
|---|
| 68 | e54.10c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 69 | e54.10c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 70 | e54.10c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 71 | 1900.1b10: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
|
|---|
| 72 | 1900.1b10: Calling main()
|
|---|
| 73 | 1900.1b10: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 74 | 1900.1b10: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 75 | 1900.1b10: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 76 | 1900.1b10: ProgDir: \Device\HarddiskVolume2\Program Files
|
|---|
| 77 | 1900.1b10: ComDir: \Device\HarddiskVolume2\Program Files\Common Files
|
|---|
| 78 | 1900.1b10: ProgDir32: \Device\HarddiskVolume2\Program Files (x86)
|
|---|
| 79 | 1900.1b10: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files
|
|---|
| 80 | 1900.1b10: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 11 sleeps
|
|---|
| 81 | 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 145 | 1900.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 146 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 147 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 148 | 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
|
|---|
| 149 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 150 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 151 | 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 152 | 1900.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 153 | 1900.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 154 | 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY
|
|---|
| 224 | 1900.1b10: SUPR3HardenedMain: Respawn #2
|
|---|
| 225 | 1900.1b10: supR3HardNtEnableThreadCreation:
|
|---|
| 226 | 1900.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags>
|
|---|
| 227 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 228 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 229 | 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
|
|---|
| 230 | 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
|
|---|
| 231 | 1900.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
|
|---|
| 232 | 1900.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\apphelp.dll'
|
|---|
| 233 | 1900.1b10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360
|
|---|
| 234 | 1900.1b10: supR3HardenedWinDoReSpawn(2): New child 19b4.1b7c [kernel32].
|
|---|
| 235 | 1900.1b10: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd7000 cbPeb=0x380
|
|---|
| 236 | 1900.1b10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000
|
|---|
| 237 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=000000007776bfa0 uNtTerminateThread=0000000077791360
|
|---|
| 238 | 1900.1b10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360
|
|---|
| 239 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 240 | 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 241 | 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 242 | 1900.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
|
|---|
| 243 | 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
|
|---|
| 244 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
|
|---|
| 245 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 0000000000240000 LB 0x1ab000
|
|---|
| 246 | 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 247 | 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 248 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
|
|---|
| 249 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000077520000 LB 0x11f000
|
|---|
| 250 | 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
|
|---|
| 251 | 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 252 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
|
|---|
| 253 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdee0000 LB 0x6b000
|
|---|
| 254 | 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms
|
|---|
| 255 | 1900.1b10: supR3HardNtEnableThreadCreation:
|
|---|
| 256 | 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 292 | 19b4.1b7c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
|
|---|
| 293 | 19b4.1b7c: Calling main()
|
|---|
| 294 | 19b4.1b7c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 295 | 19b4.1b7c: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 296 | 19b4.1b7c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 297 | 19b4.1b7c: ProgDir: \Device\HarddiskVolume2\Program Files
|
|---|
| 298 | 19b4.1b7c: ComDir: \Device\HarddiskVolume2\Program Files\Common Files
|
|---|
| 299 | 19b4.1b7c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86)
|
|---|
| 300 | 19b4.1b7c: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files
|
|---|
| 301 | 19b4.1b7c: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 11 sleeps
|
|---|
| 302 | 19b4.1b7c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 367 | 19b4.1b7c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 368 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 369 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 370 | 19b4.1b7c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
|
|---|
| 371 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 372 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 373 | 19b4.1b7c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 374 | 19b4.1b7c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 375 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 376 | 19b4.1b7c: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY
|
|---|
| 447 | 19b4.1b7c: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 448 | 19b4.1b7c: supR3HardNtEnableThreadCreation:
|
|---|
| 449 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000005fbf80:C:\Windows\system32
|
|---|
| 450 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 451 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 452 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 453 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 454 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 455 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 456 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 457 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 458 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 459 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 460 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=00000000002c6580:C:\Windows\system32
|
|---|
| 461 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 462 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
|
|---|
| 463 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
|
|---|
| 464 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 465 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
|
|---|
| 466 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 467 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 468 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 469 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 470 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 471 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
|
|---|
| 472 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 473 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 474 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 475 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 476 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 477 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
|
|---|
| 478 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
|
|---|
| 479 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 480 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 481 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 482 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 483 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 484 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
|
|---|
| 485 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
|
|---|
| 486 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 487 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 488 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 489 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 490 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 491 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
|
|---|
| 492 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 493 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 494 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 495 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 496 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 497 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 498 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 499 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 500 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 501 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 502 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
|
|---|
| 503 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 504 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 505 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
|
|---|
| 506 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 507 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 508 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTSP.dll'
|
|---|
| 509 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 510 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 511 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 512 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 513 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
|
|---|
| 514 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
|
|---|
| 515 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 516 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 517 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 518 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 519 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 520 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 521 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
|
|---|
| 522 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 523 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 524 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 525 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 526 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
|
|---|
| 527 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 528 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 529 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 530 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 531 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 532 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 533 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 534 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 535 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 536 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 537 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 538 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
|
|---|
| 539 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
|
|---|
| 540 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 541 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 542 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 543 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008]
|
|---|
| 544 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 545 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 546 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
|
|---|
| 547 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 548 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 549 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 550 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 551 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 552 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 553 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 554 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 555 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\CRYPTBASE.dll'
|
|---|
| 556 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=kernel32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 557 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008]
|
|---|
| 558 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 559 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 560 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077520000 'C:\Windows\system32\kernel32.dll'
|
|---|
| 561 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 562 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\Windows\system32\WINTRUST.DLL' [rcNt=0xc0150008]
|
|---|
| 563 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 564 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\WINTRUST.DLL'
|
|---|
| 565 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 566 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 567 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\CRYPT32.dll'
|
|---|
| 568 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=imagehlp.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 569 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\Windows\system32\imagehlp.dll' [rcNt=0xc0150008]
|
|---|
| 570 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 571 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
|
|---|
| 572 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
|
|---|
| 573 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
|
|---|
| 574 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 575 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 576 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 577 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 578 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 579 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 580 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
|
|---|
| 581 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb90000 'C:\Windows\system32\imagehlp.dll'
|
|---|
| 582 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 583 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008]
|
|---|
| 584 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 585 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTSP.dll'
|
|---|
| 586 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=USER32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 587 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\Windows\system32\USER32.dll' [rcNt=0xc0150008]
|
|---|
| 588 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 589 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 590 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 591 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
|
|---|
| 592 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 593 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 594 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 595 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 596 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 597 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 598 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
|
|---|
| 599 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
|
|---|
| 600 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 601 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
|
|---|
| 602 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
|
|---|
| 603 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 604 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 605 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
|
|---|
| 606 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 607 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
|
|---|
| 608 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
|
|---|
| 609 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
|
|---|
| 610 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 611 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 612 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 613 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
|
|---|
| 614 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
|
|---|
| 615 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 616 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 617 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 618 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 619 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 620 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
|
|---|
| 621 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
|
|---|
| 622 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 623 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 624 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 625 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 626 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 627 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 628 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 629 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 630 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 631 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 632 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 633 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 634 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 635 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 636 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 637 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 638 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=gdi32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 639 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008]
|
|---|
| 640 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 641 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2c0000 'C:\Windows\system32\gdi32.dll'
|
|---|
| 642 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 643 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 644 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 645 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 646 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 647 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
|
|---|
| 648 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
|
|---|
| 649 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 650 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
|
|---|
| 651 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
|
|---|
| 652 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 653 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 654 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 655 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 656 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
|
|---|
| 657 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
|
|---|
| 658 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
|
|---|
| 659 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
|
|---|
| 660 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 661 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 662 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 663 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 664 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 665 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 666 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 667 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 668 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
|
|---|
| 669 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 670 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 671 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 672 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 673 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 674 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 675 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 676 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 677 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 678 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
|
|---|
| 679 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\IMM32.DLL'
|
|---|
| 680 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\USER32.dll'
|
|---|
| 681 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ncrypt.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 682 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\Windows\system32\ncrypt.dll' [rcNt=0xc0150008]
|
|---|
| 683 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
|
|---|
| 684 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 685 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
|
|---|
| 686 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
|
|---|
| 687 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
|
|---|
| 688 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 689 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 690 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 691 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 692 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 693 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 694 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 695 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 696 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 697 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 698 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
|
|---|
| 699 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
|
|---|
| 700 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
|
|---|
| 701 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 702 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ncrypt.dll'
|
|---|
| 703 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 704 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 705 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 706 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 707 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
|
|---|
| 708 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
|
|---|
| 709 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
|
|---|
| 710 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 711 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 712 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 713 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 714 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 715 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 716 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 717 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\bcryptprimitives.dll'
|
|---|
| 718 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=bcrypt.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 719 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\Windows\system32\bcrypt.dll' [rcNt=0xc0150008]
|
|---|
| 720 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 721 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5c0000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 722 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=USERENV.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 723 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\Windows\system32\USERENV.dll' [rcNt=0xc0150008]
|
|---|
| 724 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 725 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 726 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 727 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
|
|---|
| 728 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
|
|---|
| 729 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
|
|---|
| 730 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
|
|---|
| 731 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 732 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 733 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 734 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 735 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 736 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
|
|---|
| 737 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 738 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 739 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 740 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 741 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 742 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 743 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 744 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 745 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 746 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 747 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
|
|---|
| 748 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 749 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\USERENV.dll'
|
|---|
| 750 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 751 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 752 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 753 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 754 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=GPAPI.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 755 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\Windows\system32\GPAPI.dll' [rcNt=0xc0150008]
|
|---|
| 756 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 757 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 758 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 759 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 760 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
|
|---|
| 761 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
|
|---|
| 762 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 763 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 764 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 765 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 766 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 767 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 768 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 769 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefced0000 'C:\Windows\system32\GPAPI.dll'
|
|---|
| 770 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 771 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L1-1-0.dll'
|
|---|
| 772 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=rpcrt4.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 773 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008]
|
|---|
| 774 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 775 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe190000 'C:\Windows\system32\rpcrt4.dll'
|
|---|
| 776 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 777 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L2-1-0.dll'
|
|---|
| 778 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 779 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 780 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 781 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
|
|---|
| 782 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 783 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 784 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 785 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
|
|---|
| 786 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
|
|---|
| 787 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
|
|---|
| 788 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
|
|---|
| 789 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
|
|---|
| 790 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll'
|
|---|
| 791 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 792 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 793 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 794 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
|
|---|
| 795 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
|
|---|
| 796 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 797 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 798 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 799 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 800 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 801 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 802 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 803 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 804 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 805 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 806 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 807 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 808 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 809 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 810 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 811 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 812 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 813 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 814 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 815 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 816 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 817 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 818 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 819 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 820 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 821 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 822 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 823 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 824 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 825 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 826 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 827 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 828 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 829 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 830 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 831 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 832 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 833 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 834 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 835 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 836 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 837 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 838 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 839 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 840 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 841 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\Windows\system32\SHLWAPI.dll' [rcNt=0xc0150008]
|
|---|
| 842 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 843 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 844 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 845 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 846 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 847 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
|
|---|
| 848 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 849 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 850 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 851 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 852 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 853 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 854 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 855 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 856 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 857 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 858 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
|
|---|
| 859 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe860000 'C:\Windows\system32\SHLWAPI.dll'
|
|---|
| 860 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 861 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 862 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=profapi.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 863 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\Windows\system32\profapi.dll' [rcNt=0xc0150008]
|
|---|
| 864 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 865 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\profapi.dll'
|
|---|
| 866 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=setupapi.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 867 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'setupapi.dll' -> 'C:\Windows\system32\setupapi.dll' [rcNt=0xc0150008]
|
|---|
| 868 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 869 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 870 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
|
|---|
| 871 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
|
|---|
| 872 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
|
|---|
| 873 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 874 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
|
|---|
| 875 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 876 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
|
|---|
| 877 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
|
|---|
| 878 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 879 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 880 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
|
|---|
| 881 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 882 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 883 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 884 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
|
|---|
| 885 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
|
|---|
| 886 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
|
|---|
| 887 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 888 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 889 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 890 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 891 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 892 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 893 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 894 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
|
|---|
| 895 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
|
|---|
| 896 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
|
|---|
| 897 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 898 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 899 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 900 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 901 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 902 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 903 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 904 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 905 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 906 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 907 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 908 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 909 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 910 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 911 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 912 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 913 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 914 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 915 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 916 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 917 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
|
|---|
| 918 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 919 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 920 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 921 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 922 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 923 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 924 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 925 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 926 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 927 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 928 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 929 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 930 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 931 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 932 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 933 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 934 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 935 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 936 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 937 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 938 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 939 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 940 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 941 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 942 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 943 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 944 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 945 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 946 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
|
|---|
| 947 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 948 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
|
|---|
| 949 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 950 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 951 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 952 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
|
|---|
| 953 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 954 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 955 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 956 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 957 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 958 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 959 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 960 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 961 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 962 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 963 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 964 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 965 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 966 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 967 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 968 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
|
|---|
| 969 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 970 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077520000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 971 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe410000 'C:\Windows\system32\setupapi.dll'
|
|---|
| 972 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=Cabinet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 973 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'Cabinet.dll' -> 'C:\Windows\system32\Cabinet.dll' [rcNt=0xc0150008]
|
|---|
| 974 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 975 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 976 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 977 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
|
|---|
| 978 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
|
|---|
| 979 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 980 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 981 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 982 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
|
|---|
| 983 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5f0000 'C:\Windows\system32\Cabinet.dll'
|
|---|
| 984 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=DEVRTL.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 985 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'DEVRTL.dll' -> 'C:\Windows\system32\DEVRTL.dll' [rcNt=0xc0150008]
|
|---|
| 986 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 987 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 988 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 989 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
|
|---|
| 990 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
|
|---|
| 991 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 992 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 993 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 994 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
|
|---|
| 995 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf10000 'C:\Windows\system32\DEVRTL.dll'
|
|---|
| 996 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 997 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008]
|
|---|
| 998 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 999 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 1000 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 1001 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000034cfd0
|
|---|
| 1002 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1003 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=866DDB003158E58EECBEE1A3E2C950A8A69F5DD3
|
|---|
| 1004 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1005 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 1006 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1007 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L1-1-0.dll'
|
|---|
| 1008 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1009 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
|
|---|
| 1010 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1011 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008]
|
|---|
| 1012 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 1013 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 1014 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1015 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
|
|---|
| 1016 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1017 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
|
|---|
| 1018 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_9_for_KB2582203~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 1019 | 19b4.1b7c: g_pfnWinVerifyTrust=000007fefde01010
|
|---|
| 1020 | 19b4.1b7c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 1021 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1022 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1023 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1024 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=182E6F79914D49DF28459DA814876FC993B84468
|
|---|
| 1025 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2615174~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 1026 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1027 | 19b4.1b7c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 1028 | 19b4.1b7c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 1029 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 1030 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1031 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1032 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBD5D88D100825A4A22743B0FD6EF53BF9B657CA
|
|---|
| 1033 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
|
|---|
| 1034 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1035 | 19b4.1b7c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
|
|---|
| 1036 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
|
|---|
| 1037 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1038 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1039 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
|
|---|
| 1040 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
|
|---|
| 1041 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1042 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
|
|---|
| 1043 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
|
|---|
| 1044 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1045 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1046 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
|
|---|
| 1047 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
|
|---|
| 1048 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1049 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
|
|---|
| 1050 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1051 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1052 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1053 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=53E7F399C252FCB2432CF12AE186607A29B05C3B
|
|---|
| 1054 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2545479~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1055 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1056 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1057 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 1058 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1059 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1060 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
|
|---|
| 1061 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 1062 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1063 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 1064 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1065 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1066 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1067 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
|
|---|
| 1068 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1069 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1070 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1071 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
|
|---|
| 1072 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1073 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1074 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
|
|---|
| 1075 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
|
|---|
| 1076 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1077 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
|
|---|
| 1078 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 1079 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1080 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1081 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61D2F3383797A6102BF0451CEA866AA3B25A1E3F
|
|---|
| 1082 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2619914~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
|
|---|
| 1083 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1084 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
|
|---|
| 1085 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1086 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1087 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1088 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2874423413B01B4F590C81C426758DC75648AC1
|
|---|
| 1089 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2641618~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1090 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1091 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1092 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
|
|---|
| 1093 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1094 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1095 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE6BC64AA0324B995BE4547BD6D73C4E25E26059
|
|---|
| 1096 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2619880~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
|
|---|
| 1097 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1098 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
|
|---|
| 1099 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
|
|---|
| 1100 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1101 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1102 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
|
|---|
| 1103 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
|
|---|
| 1104 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1105 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
|
|---|
| 1106 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
|
|---|
| 1107 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1108 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1109 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
|
|---|
| 1110 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
|
|---|
| 1111 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1112 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
|
|---|
| 1113 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 1114 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1115 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1116 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
|
|---|
| 1117 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 1118 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1119 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 1120 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
|
|---|
| 1121 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1122 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1123 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FEBF1852D192776129DE4710CB4532A2C68E6045
|
|---|
| 1124 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2600484~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
|
|---|
| 1125 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1126 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
|
|---|
| 1127 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
|
|---|
| 1128 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
|
|---|
| 1129 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1130 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1131 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
|
|---|
| 1132 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 1133 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1134 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 1135 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
|
|---|
| 1136 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1137 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1138 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6346E2270FAE938CFE988BBF7992CC2F16FDD115
|
|---|
| 1139 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2785220~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
|
|---|
| 1140 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1141 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
|
|---|
| 1142 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
|
|---|
| 1143 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1144 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1145 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6B384589D138616B3DBEAC42A8B650E961A30F8B
|
|---|
| 1146 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2617157~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
|
|---|
| 1147 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1148 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
|
|---|
| 1149 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 1150 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1151 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1152 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
|
|---|
| 1153 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 1154 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1155 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 1156 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
|
|---|
| 1157 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1158 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1159 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3B6C4900AF128307B7F404C8B87D9E7709B2275
|
|---|
| 1160 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2618517~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
|
|---|
| 1161 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1162 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
|
|---|
| 1163 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
|
|---|
| 1164 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1165 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1166 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
|
|---|
| 1167 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
|
|---|
| 1168 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1169 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
|
|---|
| 1170 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1171 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1172 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1173 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=517060B6F77D7CE521D25C74F1334F818E554241
|
|---|
| 1174 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616332~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1175 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1176 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1177 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1178 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1179 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1180 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=017D6732BF3C5BA133FC116F57D20B4FF549E1D9
|
|---|
| 1181 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_225_for_KB2627489~31bf3856ad364e35~amd64~~6.1.3.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1182 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1183 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1184 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
|
|---|
| 1185 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1186 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1187 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0A0F84DD55507C56A273E145872B7ECBEDE3F5
|
|---|
| 1188 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
|
|---|
| 1189 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1190 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
|
|---|
| 1191 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 1192 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1193 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1194 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8B34FD6019C12A3AD997917482F677B142DEDBE
|
|---|
| 1195 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2790113~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
|
|---|
| 1196 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1197 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
|
|---|
| 1198 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 1199 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1200 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1201 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
|
|---|
| 1202 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
|
|---|
| 1203 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1204 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
|
|---|
| 1205 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000010c pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 1206 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1207 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1208 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=462905914EA6B14B14AC7D6F2E4FC7460F1297EB
|
|---|
| 1209 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616386~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
|
|---|
| 1210 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1211 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
|
|---|
| 1212 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1213 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1214 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1215 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0911C2AAF9631336FC8A74BC5D44A9932CBD6D3
|
|---|
| 1216 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616386~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1217 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1218 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1219 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
|
|---|
| 1220 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000fc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 1221 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1222 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1223 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
|
|---|
| 1224 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
|
|---|
| 1225 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1226 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
|
|---|
| 1227 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1228 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1229 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1230 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
|
|---|
| 1231 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1232 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1233 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1234 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
|
|---|
| 1235 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1236 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1237 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57F023F98C5CD166C8F956C91DEF2FA6CFDCA2E9
|
|---|
| 1238 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2480994~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 1239 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1240 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 1241 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 1242 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1243 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1244 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BF1CEBFCCC91A69A101A3E89AA84F6578572A78
|
|---|
| 1245 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB2619234~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1246 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1247 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1248 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 1249 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=000000000033efc0:C:\Windows\system32
|
|---|
| 1250 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1251 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1252 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 1253 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 1254 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 1255 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 1256 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 1257 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 1258 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
|
|---|
| 1259 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 1260 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 1261 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
|
|---|
| 1262 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 1263 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
|
|---|
| 1264 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1265 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
|
|---|
| 1266 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 1267 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1268 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 1269 | 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com
|
|---|
| 1270 | 19b4.1b7c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=18
|
|---|
| 1271 | 19b4.1b7c: SUPR3HardenedMain: Load Runtime...
|
|---|
| 1272 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c68c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32
|
|---|
| 1273 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1274 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1275 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
|
|---|
| 1276 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
|
|---|
| 1277 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
|
|---|
| 1278 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1279 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1280 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1281 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 1282 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1283 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
|
|---|
| 1284 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1285 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1286 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1287 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1288 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1289 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
|
|---|
| 1290 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
|
|---|
| 1291 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1292 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1293 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 1294 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
|
|---|
| 1295 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
|
|---|
| 1296 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1297 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1298 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll'
|
|---|
| 1299 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1300 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
|
|---|
| 1301 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1302 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1303 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1304 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
|
|---|
| 1305 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1306 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1307 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1308 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1309 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 1310 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
|
|---|
| 1311 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1312 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1313 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 1314 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1315 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1316 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
|
|---|
| 1317 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
|
|---|
| 1318 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1319 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust
|
|---|
| 1320 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 1321 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1322 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1323 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 1324 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1325 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1326 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1327 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1328 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1329 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1330 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1331 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1332 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1333 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1334 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1335 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1336 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1337 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1338 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1339 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1340 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1341 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1342 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1343 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1344 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1345 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1346 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1347 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1348 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1349 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1350 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1351 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1352 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1353 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1354 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1355 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1356 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1357 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1358 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1359 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1360 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1361 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1362 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1363 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1364 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1365 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1366 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1367 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1368 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1369 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1370 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1371 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1372 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1373 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1374 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1375 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1376 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1377 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1378 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1379 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1380 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1381 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1382 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1383 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1384 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1385 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1386 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1387 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1388 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1389 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1390 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1391 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1392 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1393 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1394 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1395 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1396 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1397 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1398 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1399 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1400 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1401 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1402 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1403 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1404 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1405 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1406 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1407 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1408 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1409 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1410 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1411 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1412 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1413 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1414 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1415 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1416 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1417 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1418 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1419 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1420 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1421 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1422 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1423 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
|
|---|
| 1424 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1425 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1426 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 1427 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=00000000005ffc70:C:\Windows\system32
|
|---|
| 1428 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 1429 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 1430 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000005ffc70:C:\Windows\system32
|
|---|
| 1431 | 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1432 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1433 | 19b4.1b7c: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1434 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=00000000002c68c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32
|
|---|
| 1435 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1436 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 1437 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
|
|---|
| 1438 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1439 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
|
|---|
| 1440 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
|
|---|
| 1441 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
|
|---|
| 1442 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
|
|---|
| 1443 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
|
|---|
| 1444 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
|
|---|
| 1445 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
|
|---|
| 1446 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
|
|---|
| 1447 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
|
|---|
| 1448 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
|
|---|
| 1449 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
|
|---|
| 1450 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
|
|---|
| 1451 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
|
|---|
| 1452 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
|
|---|
| 1453 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1454 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll'
|
|---|
| 1455 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1456 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1457 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1458 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1459 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1460 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784364C88AA0D688F77B5F155A237A9A5826F3F
|
|---|
| 1461 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2538047~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
|
|---|
| 1462 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1463 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1464 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1465 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
|
|---|
| 1466 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1467 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
|
|---|
| 1468 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
|
|---|
| 1469 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1470 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1471 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1472 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1473 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1474 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
|
|---|
| 1475 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
|
|---|
| 1476 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1477 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1478 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
|
|---|
| 1479 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1480 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
|
|---|
| 1481 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
|
|---|
| 1482 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 1483 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
|
|---|
| 1484 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1485 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1486 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1487 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1488 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1489 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1490 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1491 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1492 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
|
|---|
| 1493 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1494 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1495 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1496 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAA26A59ACB8916CC8B81C3CCE996E7AD5930E20
|
|---|
| 1497 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2691442~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
|
|---|
| 1498 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1499 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1500 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
|
|---|
| 1501 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
|
|---|
| 1502 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
|
|---|
| 1503 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust
|
|---|
| 1504 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1505 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1506 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1507 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1508 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1509 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1510 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1511 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1512 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1513 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1514 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
|
|---|
| 1515 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll'
|
|---|
| 1516 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1517 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 1518 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1519 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
|
|---|
| 1520 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
|
|---|
| 1521 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
|
|---|
| 1522 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
|
|---|
| 1523 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
|
|---|
| 1524 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
|
|---|
| 1525 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll'
|
|---|
| 1526 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
|
|---|
| 1527 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
|
|---|
| 1528 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
|
|---|
| 1529 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
|
|---|
| 1530 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
|
|---|
| 1531 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
|
|---|
| 1532 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll'
|
|---|
| 1533 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1534 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
|
|---|
| 1535 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
|
|---|
| 1536 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 1537 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 1538 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
|
|---|
| 1539 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
|
|---|
| 1540 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
|
|---|
| 1541 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
|
|---|
| 1542 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
|
|---|
| 1543 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
|
|---|
| 1544 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
|
|---|
| 1545 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
|
|---|
| 1546 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
|
|---|
| 1547 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
|
|---|
| 1548 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
|
|---|
| 1549 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
|
|---|
| 1550 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1551 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
|
|---|
| 1552 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 1553 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
|
|---|
| 1554 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1555 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1556 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
|
|---|
| 1557 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
|
|---|
| 1558 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1559 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1560 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1561 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1562 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll'
|
|---|
| 1563 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1564 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1565 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll'
|
|---|
| 1566 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 1567 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1568 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1569 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1570 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1571 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1572 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1573 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1574 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
|
|---|
| 1575 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1576 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1577 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1578 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 1579 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
|
|---|
| 1580 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
|
|---|
| 1581 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
|
|---|
| 1582 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
|
|---|
| 1583 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust
|
|---|
| 1584 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1585 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1586 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1587 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1588 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
|
|---|
| 1589 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
|
|---|
| 1590 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1591 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1592 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1593 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1594 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1595 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
|
|---|
| 1596 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
|
|---|
| 1597 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1598 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1599 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1600 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
|
|---|
| 1601 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1602 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 1603 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
|
|---|
| 1604 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust
|
|---|
| 1605 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1606 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1607 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
|
|---|
| 1608 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1609 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1610 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1611 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1612 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1613 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E828B863A516A49953338306D078BFA6CC3CA490
|
|---|
| 1614 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2466493~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
|
|---|
| 1615 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1616 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1617 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1618 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1619 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust
|
|---|
| 1620 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1621 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1622 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1623 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1624 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1625 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1626 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1627 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1628 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1629 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1630 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1631 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1632 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1633 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1634 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll'
|
|---|
| 1635 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1636 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1637 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
|
|---|
| 1638 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1639 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1640 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1641 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1642 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1643 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1644 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1645 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1646 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1647 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1648 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1649 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1650 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1651 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1652 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll'
|
|---|
| 1653 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1654 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
|
|---|
| 1655 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
|
|---|
| 1656 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
|
|---|
| 1657 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1658 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
|
|---|
| 1659 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1660 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1661 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1662 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1663 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1664 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1665 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1666 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1667 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1668 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1669 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
|
|---|
| 1670 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
|
|---|
| 1671 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1672 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1673 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1674 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1675 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1676 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00BDDD44BABBCB727197D19CDB20F70547BD1958
|
|---|
| 1677 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2542200~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
|
|---|
| 1678 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1679 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1680 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1681 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1682 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust
|
|---|
| 1683 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1684 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1685 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll'
|
|---|
| 1686 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1687 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 1688 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 1689 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 1690 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1691 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1692 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1693 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
|
|---|
| 1694 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
|
|---|
| 1695 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1696 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1697 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1698 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1699 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1700 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1701 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1702 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
|
|---|
| 1703 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
|
|---|
| 1704 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
|
|---|
| 1705 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1706 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
|
|---|
| 1707 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1708 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1709 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1710 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 1711 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
|
|---|
| 1712 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll'
|
|---|
| 1713 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
|
|---|
| 1714 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
|
|---|
| 1715 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll'
|
|---|
| 1716 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
|
|---|
| 1717 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1718 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1719 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1720 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1721 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1722 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1723 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1724 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1725 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1726 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1727 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1728 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1729 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1730 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1731 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1732 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1733 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1734 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1735 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1736 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1737 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1738 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1739 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
|
|---|
| 1740 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1741 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 1742 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
|
|---|
| 1743 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1744 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1745 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
|
|---|
| 1746 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1747 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1748 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
|
|---|
| 1749 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
|
|---|
| 1750 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1751 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 1752 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1753 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1754 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust
|
|---|
| 1755 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
|
|---|
| 1756 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1757 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1758 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1759 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1760 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1761 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1762 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1763 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1764 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1765 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1766 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1767 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1768 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1769 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1770 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1771 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1772 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1773 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1774 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1775 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1776 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1777 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1778 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1779 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1780 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1781 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1782 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1783 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1784 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1785 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1786 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1787 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1788 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1789 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1790 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1791 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1792 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1793 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1794 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1795 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1796 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1797 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1798 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1799 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1800 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1801 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
|
|---|
| 1802 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
|
|---|
| 1803 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1804 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1805 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1806 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1807 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1808 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
|
|---|
| 1809 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
|
|---|
| 1810 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1811 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1812 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1813 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1814 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust
|
|---|
| 1815 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1816 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 1817 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
|
|---|
| 1818 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 1819 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1820 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1821 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1822 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
|
|---|
| 1823 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
|
|---|
| 1824 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1825 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1826 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000550 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1827 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0
|
|---|
| 1828 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0
|
|---|
| 1829 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
|
|---|
| 1830 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
|
|---|
| 1831 | 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1832 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1833 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 1834 | 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1835 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust
|
|---|
| 1836 | 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1837 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1838 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1839 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1840 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1841 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1842 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1843 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1844 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1845 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1846 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1847 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1848 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1849 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1850 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1851 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1852 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1853 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1854 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1855 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1856 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1857 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1858 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1859 | 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1860 | 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1861 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
|
|---|
| 1862 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1863 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1864 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1865 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1866 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1867 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
|
|---|
| 1868 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
|
|---|
| 1869 | 19b4.1b7c: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00)
|
|---|
| 1870 | 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
|
|---|
| 1871 | 19b4.1b7c: Error (rc=0):
|
|---|
| 1872 | 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0xf fAccess=0x10 \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
|
|---|
| 1873 | 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
|
|---|
| 1874 | 19b4.1b7c: Fatal error:
|
|---|
| 1875 | 19b4.1b7c: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
|
|---|
| 1876 | 1900.1b10: supR3HardenedWinDoReSpawn(2): Quitting: ExitCode=0x1 rcNt=0x0
|
|---|
| 1877 | e54.10c: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0x1 rcNt=0x0
|
|---|