| 1 | 1158.2bcc: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
| 2 | 1158.2bcc: \SystemRoot\System32\ntdll.dll:
| 3 | 1158.2bcc: CreationTime: 2018-05-12T15:55:16.869061300Z
| 4 | 1158.2bcc: LastWriteTime: 2018-04-15T21:49:20.567835100Z
| 5 | 1158.2bcc: ChangeTime: 2018-05-12T22:01:25.127612500Z
| 6 | 1158.2bcc: FileAttributes: 0x20
| 7 | 1158.2bcc: Size: 0x1dd108
| 8 | 1158.2bcc: NT Headers: 0xe0
| 9 | 1158.2bcc: Timestamp: 0xd826f10d
| 10 | 1158.2bcc: Machine: 0x8664 - amd64
| 11 | 1158.2bcc: Timestamp: 0xd826f10d
| 12 | 1158.2bcc: Image Version: 10.0
| 13 | 1158.2bcc: SizeOfImage: 0x1e0000 (1966080)
| 14 | 1158.2bcc: Resource Dir: 0x174000 LB 0x6a1d8
| 15 | 1158.2bcc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 16 | 1158.2bcc: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
| 17 | 1158.2bcc: ProductName: Microsoft® Windows® Operating System
| 18 | 1158.2bcc: ProductVersion: 10.0.16299.402
| 19 | 1158.2bcc: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
| 20 | 1158.2bcc: FileDescription: NT Layer DLL
| 21 | 1158.2bcc: \SystemRoot\System32\kernel32.dll:
| 22 | 1158.2bcc: CreationTime: 2018-05-12T15:52:09.711235800Z
| 23 | 1158.2bcc: LastWriteTime: 2018-05-03T07:43:30.892187700Z
| 24 | 1158.2bcc: ChangeTime: 2018-05-12T22:01:16.470159100Z
| 25 | 1158.2bcc: FileAttributes: 0x20
| 26 | 1158.2bcc: Size: 0xab868
| 27 | 1158.2bcc: NT Headers: 0xe8
| 28 | 1158.2bcc: Timestamp: 0x309fae94
| 29 | 1158.2bcc: Machine: 0x8664 - amd64
| 30 | 1158.2bcc: Timestamp: 0x309fae94
| 31 | 1158.2bcc: Image Version: 10.0
| 32 | 1158.2bcc: SizeOfImage: 0xae000 (712704)
| 33 | 1158.2bcc: Resource Dir: 0xac000 LB 0x520
| 34 | 1158.2bcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 35 | 1158.2bcc: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
| 36 | 1158.2bcc: ProductName: Microsoft® Windows® Operating System
| 37 | 1158.2bcc: ProductVersion: 10.0.16299.431
| 38 | 1158.2bcc: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
| 39 | 1158.2bcc: FileDescription: Windows NT BASE API Client DLL
| 40 | 1158.2bcc: \SystemRoot\System32\KernelBase.dll:
| 41 | 1158.2bcc: CreationTime: 2018-05-12T15:54:58.795535300Z
| 42 | 1158.2bcc: LastWriteTime: 2018-04-15T21:51:08.343639800Z
| 43 | 1158.2bcc: ChangeTime: 2018-05-12T22:01:23.722066200Z
| 44 | 1158.2bcc: FileAttributes: 0x20
| 45 | 1158.2bcc: Size: 0x265c00
| 46 | 1158.2bcc: NT Headers: 0xf0
| 47 | 1158.2bcc: Timestamp: 0xde35406a
| 48 | 1158.2bcc: Machine: 0x8664 - amd64
| 49 | 1158.2bcc: Timestamp: 0xde35406a
| 50 | 1158.2bcc: Image Version: 10.0
| 51 | 1158.2bcc: SizeOfImage: 0x266000 (2514944)
| 52 | 1158.2bcc: Resource Dir: 0x245000 LB 0x548
| 53 | 1158.2bcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 54 | 1158.2bcc: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
| 55 | 1158.2bcc: ProductName: Microsoft® Windows® Operating System
| 56 | 1158.2bcc: ProductVersion: 10.0.16299.402
| 57 | 1158.2bcc: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
| 58 | 1158.2bcc: FileDescription: Windows NT BASE API Client DLL
| 59 | 1158.2bcc: \SystemRoot\System32\apisetschema.dll:
| 60 | 1158.2bcc: CreationTime: 2017-09-29T13:42:07.095026600Z
| 61 | 1158.2bcc: LastWriteTime: 2017-09-29T13:42:07.095026600Z
| 62 | 1158.2bcc: ChangeTime: 2018-05-12T16:19:54.262649500Z
| 63 | 1158.2bcc: FileAttributes: 0x20
| 64 | 1158.2bcc: Size: 0x1b398
| 65 | 1158.2bcc: NT Headers: 0xc8
| 66 | 1158.2bcc: Timestamp: 0xf30abf31
| 67 | 1158.2bcc: Machine: 0x8664 - amd64
| 68 | 1158.2bcc: Timestamp: 0xf30abf31
| 69 | 1158.2bcc: Image Version: 10.0
| 70 | 1158.2bcc: SizeOfImage: 0x1c000 (114688)
| 71 | 1158.2bcc: Resource Dir: 0x1b000 LB 0x408
| 72 | 1158.2bcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 73 | 1158.2bcc: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
| 74 | 1158.2bcc: ProductName: Microsoft® Windows® Operating System
| 75 | 1158.2bcc: ProductVersion: 10.0.16299.15
| 76 | 1158.2bcc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
| 77 | 1158.2bcc: FileDescription: ApiSet Schema DLL
| 78 | 1158.2bcc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
| 79 | 1158.2bcc: supR3HardenedWinFindAdversaries: 0x0
| 80 | 1158.2bcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 81 | 1158.2bcc: Calling main()
| 82 | 1158.2bcc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
| 83 | 1158.2bcc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 84 | 1158.2bcc: SUPR3HardenedMain: Respawn #1
| 85 | 1158.2bcc: System32: \Device\HarddiskVolume3\Windows\System32
| 86 | 1158.2bcc: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
| 87 | 1158.2bcc: KnownDllPath: C:\WINDOWS\System32
| 88 | 1158.2bcc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 89 | 1158.2bcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
| 90 | 1158.2bcc: supR3HardNtEnableThreadCreation:
| 91 | 1158.2bcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
| 92 | 1158.2bcc: supR3HardenedWinDoReSpawn(1): New child 1a70.1930 [kernel32].
| 93 | 1158.2bcc: supR3HardNtChildGatherData: PebBaseAddress=000000000070d000 cbPeb=0x388
| 94 | 1158.2bcc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffaeaf40000 uNtDllChildAddr=00007ffaeaf40000
| 95 | 1158.2bcc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffaeafb9280
| 96 | 1158.2bcc: supR3HardenedWinSetupChildInit: Start child.
| 97 | 1158.2bcc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
| 98 | 1158.2bcc: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 31 sleeps
| 99 | 1158.2bcc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
| 100 | 1158.2bcc: *0000000000000000-000000000042ffff 0x0001/0x0000 0x0000000
| 101 | 1158.2bcc: *0000000000430000-000000000044ffff 0x0004/0x0004 0x0020000
| 102 | 1158.2bcc: *0000000000450000-0000000000468fff 0x0002/0x0002 0x0040000
| 103 | 1158.2bcc: 0000000000469000-000000000046ffff 0x0001/0x0000 0x0000000
| 104 | 1158.2bcc: *0000000000470000-000000000056afff 0x0000/0x0004 0x0020000
| 105 | 1158.2bcc: 000000000056b000-000000000056dfff 0x0104/0x0004 0x0020000
| 106 | 1158.2bcc: 000000000056e000-000000000056ffff 0x0004/0x0004 0x0020000
| 107 | 1158.2bcc: *0000000000570000-0000000000573fff 0x0002/0x0002 0x0040000
| 108 | 1158.2bcc: 0000000000574000-000000000057ffff 0x0001/0x0000 0x0000000
| 109 | 1158.2bcc: *0000000000580000-0000000000580fff 0x0004/0x0004 0x0020000
| 110 | 1158.2bcc: 0000000000581000-00000000005fffff 0x0001/0x0000 0x0000000
| 111 | 1158.2bcc: *0000000000600000-000000000070cfff 0x0000/0x0004 0x0020000
| 112 | 1158.2bcc: 000000000070d000-000000000070ffff 0x0004/0x0004 0x0020000
| 113 | 1158.2bcc: 0000000000710000-00000000007fffff 0x0000/0x0004 0x0020000
| 114 | 1158.2bcc: 0000000000800000-000000007ffdffff 0x0001/0x0000 0x0000000
| 115 | 1158.2bcc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
| 116 | 1158.2bcc: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
| 117 | 1158.2bcc: 000000007fff0000-00007ff74ae6ffff 0x0001/0x0000 0x0000000
| 118 | 1158.2bcc: *00007ff74ae70000-00007ff74ae92fff 0x0002/0x0002 0x0040000
| 119 | 1158.2bcc: 00007ff74ae93000-00007ff74b69ffff 0x0001/0x0000 0x0000000
| 120 | 1158.2bcc: *00007ff74b6a0000-00007ff74b6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 121 | 1158.2bcc: 00007ff74b6a1000-00007ff74b711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 122 | 1158.2bcc: 00007ff74b712000-00007ff74b712fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 123 | 1158.2bcc: 00007ff74b713000-00007ff74b758fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 124 | 1158.2bcc: 00007ff74b759000-00007ff74b759fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 125 | 1158.2bcc: 00007ff74b75a000-00007ff74b75afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 126 | 1158.2bcc: 00007ff74b75b000-00007ff74b75ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 127 | 1158.2bcc: 00007ff74b760000-00007ff74b760fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 128 | 1158.2bcc: 00007ff74b761000-00007ff74b761fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 129 | 1158.2bcc: 00007ff74b762000-00007ff74b765fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 130 | 1158.2bcc: 00007ff74b766000-00007ff74b7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 131 | 1158.2bcc: 00007ff74b7ae000-00007ffaeaf3ffff 0x0001/0x0000 0x0000000
| 132 | 1158.2bcc: *00007ffaeaf40000-00007ffaeaf40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 133 | 1158.2bcc: 00007ffaeaf41000-00007ffaeb052fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 134 | 1158.2bcc: 00007ffaeb053000-00007ffaeb098fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 135 | 1158.2bcc: 00007ffaeb099000-00007ffaeb0a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 136 | 1158.2bcc: 00007ffaeb0a1000-00007ffaeb0aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 137 | 1158.2bcc: 00007ffaeb0af000-00007ffaeb0affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 138 | 1158.2bcc: 00007ffaeb0b0000-00007ffaeb0b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 139 | 1158.2bcc: 00007ffaeb0b3000-00007ffaeb11ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 140 | 1158.2bcc: 00007ffaeb120000-00007ffffffdffff 0x0001/0x0000 0x0000000
| 141 | 1158.2bcc: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
| 142 | 1158.2bcc: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
| 143 | 1158.2bcc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 144 | 1158.2bcc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
| 145 | 1158.2bcc: supR3HardNtChildPurify: Done after 413 ms and 0 fixes (loop #0).
| 146 | 1a70.1930: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
| 147 | 1a70.1930: supR3HardenedVmProcessInit: uNtDllAddr=00007ffaeaf40000 g_uNtVerCombined=0xa03fab00
| 148 | 1158.2bcc: supR3HardNtEnableThreadCreation:
| 149 | 1a70.1930: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
| 150 | 1a70.1930: New simple heap: #1 0000000000900000 LB 0x400000 (for 1966080 allocation)
| 151 | 1a70.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 152 | 1a70.1930: System32: \Device\HarddiskVolume3\Windows\System32
| 153 | 1a70.1930: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
| 154 | 1a70.1930: KnownDllPath: C:\WINDOWS\System32
| 155 | 1a70.1930: supR3HardenedVmProcessInit: Opening vboxdrv stub...
| 156 | 1a70.1930: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
| 157 | 1a70.1930: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
| 158 | 1a70.1930: Registered Dll notification callback with NTDLL.
| 159 | 1a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
| 160 | 1a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
| 161 | 1a70.1930: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
| 162 | 1a70.1930: supR3HardenedDllNotificationCallback: load 00007ffae7ce0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
| 163 | 1a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
| 164 | 1a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
| 165 | 1a70.1930: supR3HardenedDllNotificationCallback: load 00007ffaea390000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
| 166 | 1a70.1930: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
| 167 | 1a70.1930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\KERNEL32.DLL'
| 168 | 1a70.1930: supR3HardenedDllNotificationCallback: load 00007ff74b6a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
| 169 | 1a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 170 | 1a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
| 171 | 1a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 172 | 1a70.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
| 173 | 1158.2bcc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 397 ms.
| 174 | 1a70.1930: \SystemRoot\System32\ntdll.dll:
| 175 | 1a70.1930: CreationTime: 2018-05-12T15:55:16.869061300Z
| 176 | 1a70.1930: LastWriteTime: 2018-04-15T21:49:20.567835100Z
| 177 | 1a70.1930: ChangeTime: 2018-05-12T22:01:25.127612500Z
| 178 | 1a70.1930: FileAttributes: 0x20
| 179 | 1a70.1930: Size: 0x1dd108
| 180 | 1a70.1930: NT Headers: 0xe0
| 181 | 1a70.1930: Timestamp: 0xd826f10d
| 182 | 1a70.1930: Machine: 0x8664 - amd64
| 183 | 1a70.1930: Timestamp: 0xd826f10d
| 184 | 1a70.1930: Image Version: 10.0
| 185 | 1a70.1930: SizeOfImage: 0x1e0000 (1966080)
| 186 | 1a70.1930: Resource Dir: 0x174000 LB 0x6a1d8
| 187 | 1a70.1930: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 188 | 1a70.1930: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
| 189 | 1a70.1930: ProductName: Microsoft® Windows® Operating System
| 190 | 1a70.1930: ProductVersion: 10.0.16299.402
| 191 | 1a70.1930: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
| 192 | 1a70.1930: FileDescription: NT Layer DLL
| 193 | 1a70.1930: \SystemRoot\System32\kernel32.dll:
| 194 | 1a70.1930: CreationTime: 2018-05-12T15:52:09.711235800Z
| 195 | 1a70.1930: LastWriteTime: 2018-05-03T07:43:30.892187700Z
| 196 | 1a70.1930: ChangeTime: 2018-05-12T22:01:16.470159100Z
| 197 | 1a70.1930: FileAttributes: 0x20
| 198 | 1a70.1930: Size: 0xab868
| 199 | 1a70.1930: NT Headers: 0xe8
| 200 | 1a70.1930: Timestamp: 0x309fae94
| 201 | 1a70.1930: Machine: 0x8664 - amd64
| 202 | 1a70.1930: Timestamp: 0x309fae94
| 203 | 1a70.1930: Image Version: 10.0
| 204 | 1a70.1930: SizeOfImage: 0xae000 (712704)
| 205 | 1a70.1930: Resource Dir: 0xac000 LB 0x520
| 206 | 1a70.1930: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 207 | 1a70.1930: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
| 208 | 1a70.1930: ProductName: Microsoft® Windows® Operating System
| 209 | 1a70.1930: ProductVersion: 10.0.16299.431
| 210 | 1a70.1930: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
| 211 | 1a70.1930: FileDescription: Windows NT BASE API Client DLL
| 212 | 1a70.1930: \SystemRoot\System32\KernelBase.dll:
| 213 | 1a70.1930: CreationTime: 2018-05-12T15:54:58.795535300Z
| 214 | 1a70.1930: LastWriteTime: 2018-04-15T21:51:08.343639800Z
| 215 | 1a70.1930: ChangeTime: 2018-05-12T22:01:23.722066200Z
| 216 | 1a70.1930: FileAttributes: 0x20
| 217 | 1a70.1930: Size: 0x265c00
| 218 | 1a70.1930: NT Headers: 0xf0
| 219 | 1a70.1930: Timestamp: 0xde35406a
| 220 | 1a70.1930: Machine: 0x8664 - amd64
| 221 | 1a70.1930: Timestamp: 0xde35406a
| 222 | 1a70.1930: Image Version: 10.0
| 223 | 1a70.1930: SizeOfImage: 0x266000 (2514944)
| 224 | 1a70.1930: Resource Dir: 0x245000 LB 0x548
| 225 | 1a70.1930: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 226 | 1a70.1930: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
| 227 | 1a70.1930: ProductName: Microsoft® Windows® Operating System
| 228 | 1a70.1930: ProductVersion: 10.0.16299.402
| 229 | 1a70.1930: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
| 230 | 1a70.1930: FileDescription: Windows NT BASE API Client DLL
| 231 | 1a70.1930: \SystemRoot\System32\apisetschema.dll:
| 232 | 1a70.1930: CreationTime: 2017-09-29T13:42:07.095026600Z
| 233 | 1a70.1930: LastWriteTime: 2017-09-29T13:42:07.095026600Z
| 234 | 1a70.1930: ChangeTime: 2018-05-12T16:19:54.262649500Z
| 235 | 1a70.1930: FileAttributes: 0x20
| 236 | 1a70.1930: Size: 0x1b398
| 237 | 1a70.1930: NT Headers: 0xc8
| 238 | 1a70.1930: Timestamp: 0xf30abf31
| 239 | 1a70.1930: Machine: 0x8664 - amd64
| 240 | 1a70.1930: Timestamp: 0xf30abf31
| 241 | 1a70.1930: Image Version: 10.0
| 242 | 1a70.1930: SizeOfImage: 0x1c000 (114688)
| 243 | 1a70.1930: Resource Dir: 0x1b000 LB 0x408
| 244 | 1a70.1930: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 245 | 1a70.1930: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
| 246 | 1a70.1930: ProductName: Microsoft® Windows® Operating System
| 247 | 1a70.1930: ProductVersion: 10.0.16299.15
| 248 | 1a70.1930: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
| 249 | 1a70.1930: FileDescription: ApiSet Schema DLL
| 250 | 1a70.1930: NtOpenDirectoryObject failed on \Driver: 0xc0000022
| 251 | 1a70.1930: supR3HardenedWinFindAdversaries: 0x0
| 252 | 1a70.1930: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 253 | 1a70.1930: Calling main()
| 254 | 1a70.1930: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
| 255 | 1a70.1930: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 256 | 1a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 257 | 1a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
| 258 | 1a70.1930: SUPR3HardenedMain: Respawn #2
| 259 | 1a70.1930: supR3HardNtEnableThreadCreation:
| 260 | 1a70.1930: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
| 261 | 1a70.1930: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
| 262 | 1a70.1930: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 263 | 1a70.1930: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
| 264 | 1a70.1930: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
| 265 | 1a70.1930: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
| 266 | 1a70.1930: supR3HardenedWinDoReSpawn(2): New child 2f44.2ad4 [kernel32].
| 267 | 1a70.1930: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
| 268 | 1a70.1930: supR3HardNtChildGatherData: PebBaseAddress=0000000000298000 cbPeb=0x388
| 269 | 1a70.1930: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffaeaf40000 uNtDllChildAddr=00007ffaeaf40000
| 270 | 1a70.1930: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffaeafb9280
| 271 | 1a70.1930: supR3HardenedWinSetupChildInit: Start child.
| 272 | 1a70.1930: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
| 273 | 1a70.1930: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps
| 274 | 1a70.1930: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
| 275 | 1a70.1930: *0000000000000000-000000000003ffff 0x0001/0x0000 0x0000000
| 276 | 1a70.1930: *0000000000040000-000000000005ffff 0x0004/0x0004 0x0020000
| 277 | 1a70.1930: *0000000000060000-0000000000078fff 0x0002/0x0002 0x0040000
| 278 | 1a70.1930: 0000000000079000-000000000007ffff 0x0001/0x0000 0x0000000
| 279 | 1a70.1930: *0000000000080000-000000000017afff 0x0000/0x0004 0x0020000
| 280 | 1a70.1930: 000000000017b000-000000000017dfff 0x0104/0x0004 0x0020000
| 281 | 1a70.1930: 000000000017e000-000000000017ffff 0x0004/0x0004 0x0020000
| 282 | 1a70.1930: *0000000000180000-0000000000183fff 0x0002/0x0002 0x0040000
| 283 | 1a70.1930: 0000000000184000-000000000018ffff 0x0001/0x0000 0x0000000
| 284 | 1a70.1930: *0000000000190000-0000000000190fff 0x0004/0x0004 0x0020000
| 285 | 1a70.1930: 0000000000191000-00000000001fffff 0x0001/0x0000 0x0000000
| 286 | 1a70.1930: *0000000000200000-0000000000297fff 0x0000/0x0004 0x0020000
| 287 | 1a70.1930: 0000000000298000-000000000029afff 0x0004/0x0004 0x0020000
| 288 | 1a70.1930: 000000000029b000-00000000003fffff 0x0000/0x0004 0x0020000
| 289 | 1a70.1930: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
| 290 | 1a70.1930: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
| 291 | 1a70.1930: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
| 292 | 1a70.1930: 000000007fff0000-00007ff74a90ffff 0x0001/0x0000 0x0000000
| 293 | 1a70.1930: *00007ff74a910000-00007ff74a932fff 0x0002/0x0002 0x0040000
| 294 | 1a70.1930: 00007ff74a933000-00007ff74b69ffff 0x0001/0x0000 0x0000000
| 295 | 1a70.1930: *00007ff74b6a0000-00007ff74b6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 296 | 1a70.1930: 00007ff74b6a1000-00007ff74b711fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 297 | 1a70.1930: 00007ff74b712000-00007ff74b712fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 298 | 1a70.1930: 00007ff74b713000-00007ff74b758fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 299 | 1a70.1930: 00007ff74b759000-00007ff74b759fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 300 | 1a70.1930: 00007ff74b75a000-00007ff74b75afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 301 | 1a70.1930: 00007ff74b75b000-00007ff74b75ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 302 | 1a70.1930: 00007ff74b760000-00007ff74b760fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 303 | 1a70.1930: 00007ff74b761000-00007ff74b761fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 304 | 1a70.1930: 00007ff74b762000-00007ff74b765fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 305 | 1a70.1930: 00007ff74b766000-00007ff74b7adfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 306 | 1a70.1930: 00007ff74b7ae000-00007ffaeaf3ffff 0x0001/0x0000 0x0000000
| 307 | 1a70.1930: *00007ffaeaf40000-00007ffaeaf40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 308 | 1a70.1930: 00007ffaeaf41000-00007ffaeb052fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 309 | 1a70.1930: 00007ffaeb053000-00007ffaeb098fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 310 | 1a70.1930: 00007ffaeb099000-00007ffaeb0a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 311 | 1a70.1930: 00007ffaeb0a1000-00007ffaeb0aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 312 | 1a70.1930: 00007ffaeb0af000-00007ffaeb0affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 313 | 1a70.1930: 00007ffaeb0b0000-00007ffaeb0b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 314 | 1a70.1930: 00007ffaeb0b3000-00007ffaeb11ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
| 315 | 1a70.1930: 00007ffaeb120000-00007ffffffdffff 0x0001/0x0000 0x0000000
| 316 | 1a70.1930: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
| 317 | 1a70.1930: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
| 318 | 1a70.1930: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 319 | 1a70.1930: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
| 320 | 1a70.1930: supR3HardNtChildPurify: Done after 417 ms and 0 fixes (loop #0).
| 321 | 1a70.1930: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
| 322 | 2f44.2ad4: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
| 323 | 2f44.2ad4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffaeaf40000 g_uNtVerCombined=0xa03fab00
| 324 | 1a70.1930: supR3HardNtEnableThreadCreation:
| 325 | 2f44.2ad4: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
| 326 | 2f44.2ad4: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
| 327 | 2f44.2ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
| 328 | 2f44.2ad4: System32: \Device\HarddiskVolume3\Windows\System32
| 329 | 2f44.2ad4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
| 330 | 2f44.2ad4: KnownDllPath: C:\WINDOWS\System32
| 331 | 2f44.2ad4: supR3HardenedVmProcessInit: Opening vboxdrv...
| 332 | 2f44.2ad4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
| 333 | 2f44.2ad4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
| 334 | 2f44.2ad4: Registered Dll notification callback with NTDLL.
| 335 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
| 336 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
| 337 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
| 338 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7ce0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
| 339 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
| 340 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
| 341 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea390000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
| 342 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
| 343 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\KERNEL32.DLL'
| 344 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ff74b6a0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
| 345 | 2f44.2ad4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
| 346 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
| 347 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
| 348 | 2f44.2ad4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffaeafb9280 pvNtTerminateThread=00007ffaeafe0d10
| 349 | 1a70.1930: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 438 ms.
| 350 | 2f44.2ad4: \SystemRoot\System32\ntdll.dll:
| 351 | 2f44.2ad4: CreationTime: 2018-05-12T15:55:16.869061300Z
| 352 | 2f44.2ad4: LastWriteTime: 2018-04-15T21:49:20.567835100Z
| 353 | 2f44.2ad4: ChangeTime: 2018-05-12T22:01:25.127612500Z
| 354 | 2f44.2ad4: FileAttributes: 0x20
| 355 | 2f44.2ad4: Size: 0x1dd108
| 356 | 2f44.2ad4: NT Headers: 0xe0
| 357 | 2f44.2ad4: Timestamp: 0xd826f10d
| 358 | 2f44.2ad4: Machine: 0x8664 - amd64
| 359 | 2f44.2ad4: Timestamp: 0xd826f10d
| 360 | 2f44.2ad4: Image Version: 10.0
| 361 | 2f44.2ad4: SizeOfImage: 0x1e0000 (1966080)
| 362 | 2f44.2ad4: Resource Dir: 0x174000 LB 0x6a1d8
| 363 | 2f44.2ad4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
| 364 | 2f44.2ad4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
| 365 | 2f44.2ad4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 366 | 2f44.2ad4: ProductVersion: 10.0.16299.402
|
|---|
| 367 | 2f44.2ad4: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
|
|---|
| 368 | 2f44.2ad4: FileDescription: NT Layer DLL
|
|---|
| 369 | 2f44.2ad4: \SystemRoot\System32\kernel32.dll:
|
|---|
| 370 | 2f44.2ad4: CreationTime: 2018-05-12T15:52:09.711235800Z
|
|---|
| 371 | 2f44.2ad4: LastWriteTime: 2018-05-03T07:43:30.892187700Z
|
|---|
| 372 | 2f44.2ad4: ChangeTime: 2018-05-12T22:01:16.470159100Z
|
|---|
| 373 | 2f44.2ad4: FileAttributes: 0x20
|
|---|
| 374 | 2f44.2ad4: Size: 0xab868
|
|---|
| 375 | 2f44.2ad4: NT Headers: 0xe8
|
|---|
| 376 | 2f44.2ad4: Timestamp: 0x309fae94
|
|---|
| 377 | 2f44.2ad4: Machine: 0x8664 - amd64
|
|---|
| 378 | 2f44.2ad4: Timestamp: 0x309fae94
|
|---|
| 379 | 2f44.2ad4: Image Version: 10.0
|
|---|
| 380 | 2f44.2ad4: SizeOfImage: 0xae000 (712704)
|
|---|
| 381 | 2f44.2ad4: Resource Dir: 0xac000 LB 0x520
|
|---|
| 382 | 2f44.2ad4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 383 | 2f44.2ad4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 384 | 2f44.2ad4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 385 | 2f44.2ad4: ProductVersion: 10.0.16299.431
|
|---|
| 386 | 2f44.2ad4: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
|
|---|
| 387 | 2f44.2ad4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 388 | 2f44.2ad4: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 389 | 2f44.2ad4: CreationTime: 2018-05-12T15:54:58.795535300Z
|
|---|
| 390 | 2f44.2ad4: LastWriteTime: 2018-04-15T21:51:08.343639800Z
|
|---|
| 391 | 2f44.2ad4: ChangeTime: 2018-05-12T22:01:23.722066200Z
|
|---|
| 392 | 2f44.2ad4: FileAttributes: 0x20
|
|---|
| 393 | 2f44.2ad4: Size: 0x265c00
|
|---|
| 394 | 2f44.2ad4: NT Headers: 0xf0
|
|---|
| 395 | 2f44.2ad4: Timestamp: 0xde35406a
|
|---|
| 396 | 2f44.2ad4: Machine: 0x8664 - amd64
|
|---|
| 397 | 2f44.2ad4: Timestamp: 0xde35406a
|
|---|
| 398 | 2f44.2ad4: Image Version: 10.0
|
|---|
| 399 | 2f44.2ad4: SizeOfImage: 0x266000 (2514944)
|
|---|
| 400 | 2f44.2ad4: Resource Dir: 0x245000 LB 0x548
|
|---|
| 401 | 2f44.2ad4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 402 | 2f44.2ad4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 403 | 2f44.2ad4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 404 | 2f44.2ad4: ProductVersion: 10.0.16299.402
|
|---|
| 405 | 2f44.2ad4: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
|
|---|
| 406 | 2f44.2ad4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 407 | 2f44.2ad4: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 408 | 2f44.2ad4: CreationTime: 2017-09-29T13:42:07.095026600Z
|
|---|
| 409 | 2f44.2ad4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
|
|---|
| 410 | 2f44.2ad4: ChangeTime: 2018-05-12T16:19:54.262649500Z
|
|---|
| 411 | 2f44.2ad4: FileAttributes: 0x20
|
|---|
| 412 | 2f44.2ad4: Size: 0x1b398
|
|---|
| 413 | 2f44.2ad4: NT Headers: 0xc8
|
|---|
| 414 | 2f44.2ad4: Timestamp: 0xf30abf31
|
|---|
| 415 | 2f44.2ad4: Machine: 0x8664 - amd64
|
|---|
| 416 | 2f44.2ad4: Timestamp: 0xf30abf31
|
|---|
| 417 | 2f44.2ad4: Image Version: 10.0
|
|---|
| 418 | 2f44.2ad4: SizeOfImage: 0x1c000 (114688)
|
|---|
| 419 | 2f44.2ad4: Resource Dir: 0x1b000 LB 0x408
|
|---|
| 420 | 2f44.2ad4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 421 | 2f44.2ad4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 422 | 2f44.2ad4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 423 | 2f44.2ad4: ProductVersion: 10.0.16299.15
|
|---|
| 424 | 2f44.2ad4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
|
|---|
| 425 | 2f44.2ad4: FileDescription: ApiSet Schema DLL
|
|---|
| 426 | 2f44.2ad4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 427 | 2f44.2ad4: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 428 | 2f44.2ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 429 | 2f44.2ad4: Calling main()
|
|---|
| 430 | 2f44.2ad4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 431 | 2f44.2ad4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
|
|---|
| 432 | 2f44.2ad4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 433 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 434 | 2f44.2ad4: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 435 | 2f44.2ad4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000)
|
|---|
| 436 | 2f44.2ad4: supR3HardNtEnableThreadCreation:
|
|---|
| 437 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
|
|---|
| 438 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
|
|---|
| 439 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 440 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 441 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae3ce0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 442 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 443 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 444 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 445 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 446 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 447 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 448 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 449 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 450 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 451 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
|
|---|
| 452 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
|
|---|
| 453 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 454 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
|
|---|
| 455 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
|
|---|
| 456 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 457 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 458 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 459 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 460 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
|
|---|
| 461 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 462 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 463 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 464 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
|
|---|
| 465 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
|
|---|
| 466 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 467 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 468 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 469 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 470 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 471 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
|
|---|
| 472 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
|
|---|
| 473 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 474 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 475 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 476 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 477 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
|
|---|
| 478 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 479 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 480 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 481 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 482 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 483 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8410000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
|
|---|
| 484 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 485 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae72b0000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
|
|---|
| 486 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 487 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7420000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
|
|---|
| 488 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 489 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 490 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
|
|---|
| 491 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
|
|---|
| 492 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8240000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 493 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 494 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea930000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 495 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 496 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8ac0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
|
|---|
| 497 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 498 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 499 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 500 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
|
|---|
| 501 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
|
|---|
| 502 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea6e0000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
|
|---|
| 503 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 504 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 505 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 506 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
|
|---|
| 507 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
|
|---|
| 508 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
|
|---|
| 509 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 510 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7340000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
|
|---|
| 511 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 512 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 513 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 514 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 515 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 516 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 517 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 518 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 519 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 520 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-fibers-l1-1-1'
|
|---|
| 521 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 522 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 523 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-synch-l1-2-0'
|
|---|
| 524 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
|
|---|
| 525 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 526 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-l1-2-1'
|
|---|
| 527 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 528 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 529 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 530 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
|
|---|
| 531 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 532 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 533 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 534 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 535 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
|
|---|
| 536 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
|
|---|
| 537 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 538 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 539 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 540 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 541 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 542 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 543 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 544 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 545 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 546 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6d90000 LB 0x00025000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
|
|---|
| 547 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 548 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae6d90000 'C:\WINDOWS\system32\bcrypt.dll'
|
|---|
| 549 | 2f44.2ad4: bcrypt.dll loaded at 00007ffae6d90000, BCryptOpenAlgorithmProvider at 00007ffae6d92590, preloading providers:
|
|---|
| 550 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 551 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 552 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
|
|---|
| 553 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 554 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 555 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae73a0000 LB 0x00072000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 556 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 557 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae73a0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
|
|---|
| 558 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000002aa53b0)
|
|---|
| 559 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002aaf9b0)
|
|---|
| 560 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002aafc80)
|
|---|
| 561 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002aaff50)
|
|---|
| 562 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002ab0220)
|
|---|
| 563 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002ab04f0)
|
|---|
| 564 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002ab07c0)
|
|---|
| 565 | 2f44.2ad4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002ab0a90)
|
|---|
| 566 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 567 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 568 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 569 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 570 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 571 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 572 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 573 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 574 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 575 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 576 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 577 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 578 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 579 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 580 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 581 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 582 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 583 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 584 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 585 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 586 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 587 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 588 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 589 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
|
|---|
| 590 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
|
|---|
| 591 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6c90000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 592 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 593 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 594 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 595 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
|
|---|
| 596 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
|
|---|
| 597 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 598 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 599 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 600 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 601 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 602 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 603 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae66c0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 604 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 605 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 606 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 607 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 608 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
|
|---|
| 609 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
|
|---|
| 610 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
|
|---|
| 611 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6c80000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 612 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 613 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 614 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 615 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 616 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 617 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 618 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 619 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 620 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 621 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 622 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 623 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\CRYPT32.dll'
|
|---|
| 624 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae85c0000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
|
|---|
| 625 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 626 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 627 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
|
|---|
| 628 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
|
|---|
| 629 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 630 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 631 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 632 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 633 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 634 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 635 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 636 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
|
|---|
| 637 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
|
|---|
| 638 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5fb0000 LB 0x00022000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
|
|---|
| 639 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 640 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7290000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
|
|---|
| 641 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 642 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 643 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
|
|---|
| 644 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 645 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 646 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 647 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 648 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
|
|---|
| 649 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
|
|---|
| 650 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 651 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 652 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 653 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 654 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 655 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 656 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 657 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 658 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 659 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 660 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 661 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 662 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 663 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 664 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 665 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac9590000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
|
|---|
| 666 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 667 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 668 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 669 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 670 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 671 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 672 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 673 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 674 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 675 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 676 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 677 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 678 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 679 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 680 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 681 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 682 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 683 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 684 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 685 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 686 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 687 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 688 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 689 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 690 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 691 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 692 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 693 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 694 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 695 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\WINDOWS\System32\cryptnet.dll'
|
|---|
| 696 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 697 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac9590000 'C:\Windows\System32\cryptnet.dll'
|
|---|
| 698 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 699 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 700 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 701 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 702 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 703 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 704 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 705 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002abecc0
|
|---|
| 706 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 707 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3AA809FAB5503D5FF9AD3FF567064FBB4406C07
|
|---|
| 708 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 709 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 710 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea930000 'C:\WINDOWS\System32\rpcrt4.dll'
|
|---|
| 711 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 712 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 713 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 714 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 715 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 716 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 717 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 718 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 719 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 720 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 721 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 722 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 723 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 724 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 725 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 726 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 727 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 728 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 729 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 730 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 731 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 732 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1189_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 733 | 2f44.2ad4: g_pfnWinVerifyTrust=00007ffae7346bc0
|
|---|
| 734 | 2f44.2ad4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 735 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 736 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 737 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 738 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 739 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 740 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 741 | 2f44.2ad4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
|
|---|
| 742 | 2f44.2ad4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 743 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 744 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 745 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 746 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 747 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 748 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 749 | 2f44.2ad4: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
|
|---|
| 750 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
|
|---|
| 751 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 752 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 753 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A0BC1B38B9F5EE15493A1BB6ABB29D2FFBB4119
|
|---|
| 754 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 755 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 756 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 757 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 758 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 759 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 760 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
|
|---|
| 761 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 762 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 763 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 764 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
|
|---|
| 765 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 766 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 767 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 768 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
|
|---|
| 769 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 770 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 771 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 772 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
|
|---|
| 773 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 774 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 775 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 776 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
|
|---|
| 777 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 778 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 779 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 780 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
|
|---|
| 781 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 782 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 783 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
|
|---|
| 784 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 785 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 786 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 787 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 788 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
|
|---|
| 789 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 790 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 791 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 792 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 793 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
|
|---|
| 794 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 795 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 796 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
|
|---|
| 797 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 798 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 799 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
|
|---|
| 800 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 801 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 802 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll'
|
|---|
| 803 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 804 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 805 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
|
|---|
| 806 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 807 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 808 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
|
|---|
| 809 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 810 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 811 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
|
|---|
| 812 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 813 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
|
|---|
| 814 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 815 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe'
|
|---|
| 816 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 817 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 818 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
|
|---|
| 819 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 820 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 821 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
|
|---|
| 822 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 823 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
|
|---|
| 824 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 825 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 826 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA
|
|---|
| 827 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 828 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
|
|---|
| 829 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
|
|---|
| 830 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 831 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
|
|---|
| 832 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
|
|---|
| 833 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
|
|---|
| 834 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 835 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 836 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
|
|---|
| 837 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
|
|---|
| 838 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
|
|---|
| 839 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
|
|---|
| 840 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
|
|---|
| 841 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 842 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
|
|---|
| 843 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
|
|---|
| 844 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 845 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
|
|---|
| 846 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
|
|---|
| 847 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
|
|---|
| 848 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
|
|---|
| 849 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
|
|---|
| 850 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
|
|---|
| 851 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 852 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 853 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
|
|---|
| 854 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
|
|---|
| 855 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
|
|---|
| 856 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
|
|---|
| 857 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
|
|---|
| 858 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
|
|---|
| 859 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 860 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
|
|---|
| 861 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
|
|---|
| 862 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 863 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
|
|---|
| 864 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
|
|---|
| 865 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 866 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
|
|---|
| 867 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
|
|---|
| 868 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
|
|---|
| 869 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
|
|---|
| 870 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
|
|---|
| 871 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
|
|---|
| 872 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
|
|---|
| 873 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
|
|---|
| 874 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
|
|---|
| 875 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
|
|---|
| 876 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
|
|---|
| 877 | 2f44.2ad4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 878 | 2f44.2ad4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
|
|---|
| 879 | 2f44.2ad4: SUPR3HardenedMain: Load Runtime...
|
|---|
| 880 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 881 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 882 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 883 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
|
|---|
| 884 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
|
|---|
| 885 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 886 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 887 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 888 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 889 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 890 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 891 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 892 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 893 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 894 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 895 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 896 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 897 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 898 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 899 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 900 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 901 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 902 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 903 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 904 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 905 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 906 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 907 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 908 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 909 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 910 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 911 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 912 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 913 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
|
|---|
| 914 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 915 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 916 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 917 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 918 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 919 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 920 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 921 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073f40000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 922 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
|
|---|
| 923 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073ea0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 924 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 925 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea1b0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
|
|---|
| 926 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 927 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffab1e90000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 928 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 929 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
|
|---|
| 930 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
|
|---|
| 931 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 932 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 933 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 934 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 935 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 936 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 937 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 938 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 939 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 940 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 941 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 942 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 943 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 944 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 945 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 946 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 947 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 948 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 949 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 950 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 951 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 952 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 953 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 954 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 955 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 956 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 957 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 958 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 959 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 960 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 961 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 962 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 963 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 964 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 965 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 966 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 967 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 968 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 969 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 970 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 971 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 972 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 973 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 974 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
|
|---|
| 975 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 976 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 977 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 978 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 979 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab1e90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
|
|---|
| 980 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\WINDOWS\system32\Wintrust.dll'
|
|---|
| 981 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 982 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 983 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 984 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 985 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 986 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 987 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\system32\crypt32.dll'
|
|---|
| 988 | 2f44.2ad4: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 989 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 990 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 991 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 992 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
|
|---|
| 993 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 994 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 995 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
|
|---|
| 996 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
|
|---|
| 997 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
|
|---|
| 998 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 999 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1000 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
|
|---|
| 1001 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
|
|---|
| 1002 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
|
|---|
| 1003 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
|
|---|
| 1004 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
|
|---|
| 1005 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
|
|---|
| 1006 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
|
|---|
| 1007 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1008 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1009 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1010 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1011 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1012 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1013 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
|
|---|
| 1014 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 1015 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1016 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1017 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1018 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1019 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1020 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1021 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1022 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 1023 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1024 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1025 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1026 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1027 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1028 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmmbase.dll)
|
|---|
| 1029 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmmbase.dll
|
|---|
| 1030 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1031 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1032 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1033 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1034 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 1035 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1036 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1037 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1038 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
|
|---|
| 1039 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
|
|---|
| 1040 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
|
|---|
| 1041 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1042 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1043 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1044 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1045 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1046 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1047 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1048 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1049 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1050 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1051 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1052 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 1053 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
|
|---|
| 1054 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
|
|---|
| 1055 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1056 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1057 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1058 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1059 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1060 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1061 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
|
|---|
| 1062 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1063 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 1064 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1065 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 1066 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1067 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1068 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1069 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1070 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
|
|---|
| 1071 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
|
|---|
| 1072 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
|
|---|
| 1073 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
|
|---|
| 1074 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
|
|---|
| 1075 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1076 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1077 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1078 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1079 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1080 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
|
|---|
| 1081 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1082 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1083 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1084 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1085 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\user32.dll'.
|
|---|
| 1086 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1087 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
|
|---|
| 1088 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
|
|---|
| 1089 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1090 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1091 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1092 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1093 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1094 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1095 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
|
|---|
| 1096 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1097 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1098 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1099 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1100 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1101 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1102 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1103 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1104 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\win32u.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1105 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\win32u.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1106 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1107 | 2f44.2ad4: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
|
|---|
| 1108 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
|
|---|
| 1109 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1110 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1111 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1112 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1113 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
|
|---|
| 1114 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
|
|---|
| 1115 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
|
|---|
| 1116 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1117 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1118 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1119 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1120 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1121 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1122 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [redoing WinVerifyTrust]
|
|---|
| 1123 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1124 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1125 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1126 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1127 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1128 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1129 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1130 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1131 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1132 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1133 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1134 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
|
|---|
| 1135 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1136 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1137 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1138 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1139 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1140 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1141 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1142 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1143 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1144 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
|
|---|
| 1145 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1146 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1147 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1148 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1149 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1150 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1151 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
|
|---|
| 1152 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1153 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1154 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1155 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1156 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1157 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1158 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1159 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1160 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
|
|---|
| 1161 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1162 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1163 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1164 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
|
|---|
| 1165 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1166 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1167 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1168 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1169 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1170 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1171 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1172 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
|
|---|
| 1173 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1174 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1175 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1176 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
|
|---|
| 1177 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1178 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1179 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1180 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1181 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1182 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1183 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1184 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
|
|---|
| 1185 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1186 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1187 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1188 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1189 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1190 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1191 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1192 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1193 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1194 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1195 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1196 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1197 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1198 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1199 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1200 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1201 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1202 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1203 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1204 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1205 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1206 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1207 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1208 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1209 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1210 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1211 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1212 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1213 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1214 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1215 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1216 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1217 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1218 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1219 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1220 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1221 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1222 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1223 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1224 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1225 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1226 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
|
|---|
| 1227 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1228 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 1229 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1230 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1231 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'glu32.dll'.
|
|---|
| 1232 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
|
|---|
| 1233 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1234 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1235 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1236 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1237 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1238 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1239 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1240 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1241 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1242 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1243 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1244 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1245 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\mpr.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1246 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\mpr.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1247 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1248 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
|
|---|
| 1249 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
|
|---|
| 1250 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1251 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1252 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 1253 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1254 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1255 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1256 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1257 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1258 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1259 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1260 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1261 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1262 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1263 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1264 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1265 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1266 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1267 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1268 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1269 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1270 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1271 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1272 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'opengl32.dll'.
|
|---|
| 1273 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
|
|---|
| 1274 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
|
|---|
| 1275 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1276 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1277 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1278 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1279 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1280 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1281 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1282 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1283 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1284 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1285 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1286 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1287 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1288 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1289 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
|
|---|
| 1290 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1291 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1292 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1293 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1294 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1295 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1296 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1297 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1298 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
|
|---|
| 1299 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1300 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1301 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
|
|---|
| 1302 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
|
|---|
| 1303 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
|
|---|
| 1304 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
|
|---|
| 1305 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1306 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1307 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1308 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1309 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1310 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1311 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
|
|---|
| 1312 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
|
|---|
| 1313 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1314 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
|
|---|
| 1315 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1316 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
|
|---|
| 1317 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'shlwapi.dll'.
|
|---|
| 1318 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
|
|---|
| 1319 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'comctl32.dll'.
|
|---|
| 1320 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #40 'shell32.dll'.
|
|---|
| 1321 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
|
|---|
| 1322 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
|
|---|
| 1323 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
|
|---|
| 1324 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
|
|---|
| 1325 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1326 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1327 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
|
|---|
| 1328 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1329 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
|
|---|
| 1330 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
|
|---|
| 1331 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
|
|---|
| 1332 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
|
|---|
| 1333 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1334 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1335 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1336 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1337 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1338 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1339 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1340 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1341 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
|
|---|
| 1342 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1343 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1344 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1345 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1346 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1347 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1348 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 1349 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1350 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 1351 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 1352 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1353 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1354 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1355 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'.
|
|---|
| 1356 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
|
|---|
| 1357 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 1358 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1359 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1360 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1361 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1362 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1363 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 1364 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
|
|---|
| 1365 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
|
|---|
| 1366 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 1367 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1368 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1369 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
|
|---|
| 1370 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
|
|---|
| 1371 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1372 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1373 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1374 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1375 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1376 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1377 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1378 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
|
|---|
| 1379 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
|
|---|
| 1380 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
|
|---|
| 1381 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 1382 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1383 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1384 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1385 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1386 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1387 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1388 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1389 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1390 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1391 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1392 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1393 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1394 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1395 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1396 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1397 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1398 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1399 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1400 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1401 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1402 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
|
|---|
| 1403 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1404 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1405 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1406 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1407 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
|
|---|
| 1408 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1409 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1410 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
|
|---|
| 1411 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1412 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
|
|---|
| 1413 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1414 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1415 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
|
|---|
| 1416 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1417 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
|
|---|
| 1418 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1419 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1420 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1421 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1422 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1423 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1424 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1425 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
|
|---|
| 1426 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000568 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1427 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 1428 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 1429 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F39C902102F30859FF82648A950427FCB81FB124
|
|---|
| 1430 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1431 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1432 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00111~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1433 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1434 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
|
|---|
| 1435 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
|
|---|
| 1436 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
|
|---|
| 1437 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1438 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1439 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1440 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1441 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1442 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1443 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1444 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1445 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1446 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
|
|---|
| 1447 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 1448 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1449 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1450 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll)
|
|---|
| 1451 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll
|
|---|
| 1452 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1453 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
|
|---|
| 1454 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7520000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
|
|---|
| 1455 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [avoiding WinVerifyTrust]
|
|---|
| 1456 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae80f0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
|
|---|
| 1457 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [avoiding WinVerifyTrust]
|
|---|
| 1458 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7f50000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
|
|---|
| 1459 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 1460 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1461 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
|
|---|
| 1462 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
|
|---|
| 1463 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
|
|---|
| 1464 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
|
|---|
| 1465 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea440000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
|
|---|
| 1466 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [avoiding WinVerifyTrust]
|
|---|
| 1467 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8be0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
|
|---|
| 1468 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad1a70000 LB 0x0002c000 C:\WINDOWS\SYSTEM32\GLU32.dll [fFlags=0x0]
|
|---|
| 1469 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
|
|---|
| 1470 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3320000 LB 0x0011e000 C:\WINDOWS\SYSTEM32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 1471 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
|
|---|
| 1472 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7540000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
|
|---|
| 1473 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1474 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1475 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
|
|---|
| 1476 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
|
|---|
| 1477 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae85e0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
|
|---|
| 1478 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [avoiding WinVerifyTrust]
|
|---|
| 1479 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea5d0000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
|
|---|
| 1480 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\SHCore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1481 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\SHCore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1482 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1483 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
|
|---|
| 1484 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
|
|---|
| 1485 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
|
|---|
| 1486 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 1487 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaeaa50000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
|
|---|
| 1488 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
|
|---|
| 1489 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7320000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
|
|---|
| 1490 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1491 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1492 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
|
|---|
| 1493 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 1494 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
|
|---|
| 1495 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
|
|---|
| 1496 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae72d0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
|
|---|
| 1497 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\powrprof.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1498 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\powrprof.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1499 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
|
|---|
| 1500 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
|
|---|
| 1501 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
|
|---|
| 1502 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7590000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
|
|---|
| 1503 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1504 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 1505 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
|
|---|
| 1506 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
|
|---|
| 1507 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
|
|---|
| 1508 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 1509 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8d70000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
|
|---|
| 1510 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1511 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea470000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
|
|---|
| 1512 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1513 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad5590000 LB 0x0001b000 C:\WINDOWS\SYSTEM32\MPR.dll [fFlags=0x0]
|
|---|
| 1514 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
|
|---|
| 1515 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00000000734f0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 1516 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1517 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaae950000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 1518 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1519 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000072f80000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 1520 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1521 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6850000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
|
|---|
| 1522 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [avoiding WinVerifyTrust]
|
|---|
| 1523 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffad9410000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
|
|---|
| 1524 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
|
|---|
| 1525 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffacf650000 LB 0x000a6000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\COMCTL32.dll [fFlags=0x0]
|
|---|
| 1526 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll [avoiding WinVerifyTrust]
|
|---|
| 1527 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae84b0000 LB 0x0010a000 C:\WINDOWS\System32\COMDLG32.dll [fFlags=0x0]
|
|---|
| 1528 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
|
|---|
| 1529 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3d80000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
|
|---|
| 1530 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1531 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 0000000073e40000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 1532 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1533 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea220000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1534 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1535 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4e70000 LB 0x0002a000 C:\WINDOWS\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
|
|---|
| 1536 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
|
|---|
| 1537 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae51a0000 LB 0x00023000 C:\WINDOWS\SYSTEM32\WINMM.dll [fFlags=0x0]
|
|---|
| 1538 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1539 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaafbd0000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
|
|---|
| 1540 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
|
|---|
| 1541 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'.
|
|---|
| 1542 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll' [rescheduled]
|
|---|
| 1543 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\powrprof.dll'.
|
|---|
| 1544 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rescheduled]
|
|---|
| 1545 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll'.
|
|---|
| 1546 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll' [rescheduled]
|
|---|
| 1547 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'.
|
|---|
| 1548 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll' [rescheduled]
|
|---|
| 1549 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
|
|---|
| 1550 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
|
|---|
| 1551 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll'.
|
|---|
| 1552 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32full.dll' [rescheduled]
|
|---|
| 1553 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll'.
|
|---|
| 1554 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.431_none_887985224abb0026\comctl32.dll' [rescheduled]
|
|---|
| 1555 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'.
|
|---|
| 1556 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rescheduled]
|
|---|
| 1557 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
|
|---|
| 1558 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
|
|---|
| 1559 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'.
|
|---|
| 1560 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL' [rescheduled]
|
|---|
| 1561 | 2f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
|
|---|
| 1562 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
|
|---|
| 1563 | 2f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
|
|---|
| 1564 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
|
|---|
| 1565 | 2f44.2ad4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
|
|---|
| 1566 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
|
|---|
| 1567 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
|
|---|
| 1568 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
|
|---|
| 1569 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1570 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rescheduled]
|
|---|
| 1571 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1572 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rescheduled]
|
|---|
| 1573 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1574 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rescheduled]
|
|---|
| 1575 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1576 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rescheduled]
|
|---|
| 1577 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'.
|
|---|
| 1578 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rescheduled]
|
|---|
| 1579 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 1580 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 1581 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1582 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 1583 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1584 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1585 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1586 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1587 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1588 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1589 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1590 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1591 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1592 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1593 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1594 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1595 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1596 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1597 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1598 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1599 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1600 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1601 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\combase.dll'.
|
|---|
| 1602 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 1603 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1604 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1605 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1606 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1607 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1608 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1609 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1610 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1611 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1612 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1613 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1614 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1615 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1616 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1617 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1618 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1619 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 1620 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1621 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 1622 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'.
|
|---|
| 1623 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
|
|---|
| 1624 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1625 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1626 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1627 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1628 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1629 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'.
|
|---|
| 1630 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1631 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1632 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1633 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1634 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1635 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 1636 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
|
|---|
| 1637 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1638 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-string-l1-1-0'
|
|---|
| 1639 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
|
|---|
| 1640 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1641 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-datetime-l1-1-1'
|
|---|
| 1642 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
|
|---|
| 1643 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 1644 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-obsolete-l1-2-0'
|
|---|
| 1645 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1646 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1647 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 1648 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 1649 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
|
|---|
| 1650 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
|
|---|
| 1651 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 1652 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1653 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1654 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [redoing WinVerifyTrust]
|
|---|
| 1655 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\win32u.dll'.
|
|---|
| 1656 | 2f44.2ad4: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\win32u.dll
|
|---|
| 1657 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1658 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1659 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 1660 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae8b20000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
|
|---|
| 1661 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
|
|---|
| 1662 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8b20000 'C:\WINDOWS\system32\IMM32.DLL'
|
|---|
| 1663 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 1664 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rescheduled]
|
|---|
| 1665 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
|
|---|
| 1666 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\imm32.dll'.
|
|---|
| 1667 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 1668 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1669 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8b20000 'C:\WINDOWS\System32\imm32.dll'
|
|---|
| 1670 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1671 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1672 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea6e0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
|
|---|
| 1673 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaafbd0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
|
|---|
| 1674 | 2f44.2ad4: SUPR3HardenedMain: Calling TrustedMain (00007ffaafbd14f0)...
|
|---|
| 1675 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1676 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1677 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 1678 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1679 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 1680 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 1681 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 1682 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 1683 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1684 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 1685 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 1686 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 1687 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 1688 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1689 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1690 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1691 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1692 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1693 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1694 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1695 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1696 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1697 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1698 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1699 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1700 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1701 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1702 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1703 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1704 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1705 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1706 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1707 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1708 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1709 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 1710 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1711 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [redoing WinVerifyTrust]
|
|---|
| 1712 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1713 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1714 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
|
|---|
| 1715 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1716 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1717 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
|
|---|
| 1718 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1719 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1720 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1721 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1722 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1723 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
|
|---|
| 1724 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1725 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1726 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
|
|---|
| 1727 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1728 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1729 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffac3c50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 1730 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
|
|---|
| 1731 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac3c50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
|
|---|
| 1732 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1733 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1734 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000704 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1735 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 1736 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 1737 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB199956403E78CE61C981F6BA97CA632BE55AC
|
|---|
| 1738 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1739 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1740 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
|
|---|
| 1741 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1742 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1743 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
|
|---|
| 1744 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'user32.dll'.
|
|---|
| 1745 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 1746 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1747 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1748 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1749 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1750 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1751 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1752 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1753 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 1754 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 1755 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1756 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5500000 LB 0x00095000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 1757 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1758 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae5500000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 1759 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'C:\WINDOWS\system32\user32.dll'
|
|---|
| 1760 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1761 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1762 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 1763 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
|
|---|
| 1764 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1765 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1766 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\SHCore.dll'
|
|---|
| 1767 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHCore.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1768 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea5d0000 'C:\WINDOWS\system32\SHCore.dll'
|
|---|
| 1769 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
|
|---|
| 1770 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
|
|---|
| 1771 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1772 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1773 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1774 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'win32u.dll'.
|
|---|
| 1775 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
|
|---|
| 1776 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
|
|---|
| 1777 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
|
|---|
| 1778 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
|
|---|
| 1779 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5770000 LB 0x0002a000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
|
|---|
| 1780 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
|
|---|
| 1781 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1782 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1783 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1784 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1785 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1786 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1787 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1788 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1789 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1790 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1791 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1792 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
|
|---|
| 1793 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1794 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1795 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 1796 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 1797 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1798 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\system32\winmm.dll'
|
|---|
| 1799 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1800 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1801 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 1802 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
|
|---|
| 1803 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1804 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae5500000 'C:\WINDOWS\system32\uxtheme.dll'
|
|---|
| 1805 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
|
|---|
| 1806 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1807 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea6e0000 'C:\WINDOWS\system32\advapi32.dll'
|
|---|
| 1808 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1809 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1810 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1811 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1812 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 1813 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'profapi.dll'.
|
|---|
| 1814 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) WinVerifyTrust
|
|---|
| 1815 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 1816 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 1817 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1818 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
|
|---|
| 1819 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1820 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1821 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1822 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 1823 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae7190000 LB 0x00029000 C:\WINDOWS\system32\userenv.dll [fFlags=0x0]
|
|---|
| 1824 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
|
|---|
| 1825 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7190000 'C:\WINDOWS\system32\userenv.dll'
|
|---|
| 1826 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
|
|---|
| 1827 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1828 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea390000 'C:\WINDOWS\System32\kernel32.dll'
|
|---|
| 1829 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffaea2f0000 LB 0x0009e000 C:\WINDOWS\System32\clbcatq.dll [fFlags=0x0]
|
|---|
| 1830 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1831 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1832 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1833 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
|
|---|
| 1834 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll)
|
|---|
| 1835 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
|
|---|
| 1836 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1837 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1838 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 1839 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1840 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1841 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1842 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1843 | 2f44.264c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
|
|---|
| 1844 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1845 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1846 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1847 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 1848 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1849 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 1850 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 1851 | 2f44.264c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 1852 | 2f44.264c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 1853 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1854 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1855 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1856 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1857 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1858 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1859 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1860 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1861 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1862 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1863 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1864 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1865 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 1866 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1867 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1868 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 1869 | 2f44.264c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 1870 | 2f44.264c: supR3HardenedDllNotificationCallback: load 00007ffaae400000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 1871 | 2f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 1872 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
|
|---|
| 1873 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1874 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1875 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 1876 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 1877 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 1878 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 1879 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 1880 | 2f44.264c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 1881 | 2f44.264c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 1882 | 2f44.264c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 1883 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1884 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1885 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1886 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1887 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1888 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1889 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1890 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 1891 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1892 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1893 | 2f44.264c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
|
|---|
| 1894 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1895 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1896 | 2f44.264c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
|
|---|
| 1897 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1898 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1899 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1900 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1901 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1902 | 2f44.264c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1903 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 1904 | 2f44.264c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 1905 | 2f44.264c: supR3HardenedDllNotificationCallback: load 00007ffac0a00000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 1906 | 2f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
|
|---|
| 1907 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffac0a00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 1908 | 2f44.264c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1909 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 1910 | 2f44.264c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\Windows\System32\oleaut32.dll'
|
|---|
| 1911 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
|
|---|
| 1912 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1913 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea440000 'C:\WINDOWS\system32\gdi32.dll'
|
|---|
| 1914 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 1915 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 1916 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 1917 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae88f0000 LB 0x00167000 C:\WINDOWS\System32\MSCTF.dll [fFlags=0x0]
|
|---|
| 1918 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1919 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'oleaut32.dll'.
|
|---|
| 1920 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'user32.dll'.
|
|---|
| 1921 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
|
|---|
| 1922 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'imm32.dll'.
|
|---|
| 1923 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
|
|---|
| 1924 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 1925 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 1926 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1927 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
|
|---|
| 1928 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1929 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1930 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1931 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1932 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1933 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1934 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 1935 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1936 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1937 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1938 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1939 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
|
|---|
| 1940 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1941 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1942 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009fc pwszName=\Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 1943 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 1944 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 1945 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87FA668FC207CB724FFDD342C6B5B8D273E3498D
|
|---|
| 1946 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1947 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1948 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0010~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\DataExchange.dll'
|
|---|
| 1949 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1950 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1951 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
|
|---|
| 1952 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'combase.dll'.
|
|---|
| 1953 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'd3d11.dll'.
|
|---|
| 1954 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'dcomp.dll'.
|
|---|
| 1955 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\DataExchange.dll) WinVerifyTrust
|
|---|
| 1956 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 1957 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
|
|---|
| 1958 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume3\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1959 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dcomp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1960 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dcomp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1961 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1962 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1963 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
|
|---|
| 1964 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1965 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dcomp.dll) WinVerifyTrust
|
|---|
| 1966 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 1967 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
|
|---|
| 1968 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume3\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1969 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\d3d11.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1970 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\d3d11.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1971 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1972 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1973 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1974 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1975 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1976 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 1977 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 1978 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1979 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'dxgi.dll'.
|
|---|
| 1980 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'win32u.dll'.
|
|---|
| 1981 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\d3d11.dll) WinVerifyTrust
|
|---|
| 1982 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 1983 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 1984 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1985 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [redoing WinVerifyTrust]
|
|---|
| 1986 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 1987 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1988 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 1989 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
|
|---|
| 1990 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1991 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dxgi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 1992 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\dxgi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1993 | 2f44.2ad4: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
|
|---|
| 1994 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1995 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'win32u.dll'.
|
|---|
| 1996 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dxgi.dll)
|
|---|
| 1997 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dxgi.dll
|
|---|
| 1998 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1999 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2000 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
|
|---|
| 2001 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2002 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
|
|---|
| 2003 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2004 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2005 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2006 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2007 | 2f44.2ad4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\combase.dll'
|
|---|
| 2008 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2009 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2010 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2011 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2012 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2013 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2014 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2015 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2016 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2017 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
|
|---|
| 2018 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae6030000 LB 0x000af000 C:\WINDOWS\system32\dxgi.dll [fFlags=0x0]
|
|---|
| 2019 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
|
|---|
| 2020 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4320000 LB 0x002e2000 C:\WINDOWS\system32\d3d11.dll [fFlags=0x0]
|
|---|
| 2021 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\d3d11.dll
|
|---|
| 2022 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4cc0000 LB 0x00142000 C:\WINDOWS\system32\dcomp.dll [fFlags=0x0]
|
|---|
| 2023 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dcomp.dll
|
|---|
| 2024 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae3120000 LB 0x0004f000 C:\WINDOWS\system32\dataexchange.dll [fFlags=0x0]
|
|---|
| 2025 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\DataExchange.dll
|
|---|
| 2026 | 2f44.2ad4: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\dxgi.dll'.
|
|---|
| 2027 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dxgi.dll' [rescheduled]
|
|---|
| 2028 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea440000 'C:\WINDOWS\System32\gdi32.dll'
|
|---|
| 2029 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3120000 'C:\WINDOWS\system32\dataexchange.dll'
|
|---|
| 2030 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2031 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2032 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2033 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rmclient.dll'.
|
|---|
| 2034 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
|
|---|
| 2035 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'bcrypt.dll'.
|
|---|
| 2036 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
|
|---|
| 2037 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll)
|
|---|
| 2038 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll
|
|---|
| 2039 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rmclient.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2040 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\rmclient.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2041 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2042 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
|
|---|
| 2043 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rmclient.dll)
|
|---|
| 2044 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rmclient.dll
|
|---|
| 2045 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae5860000 LB 0x00020000 C:\WINDOWS\system32\RMCLIENT.dll [fFlags=0x0]
|
|---|
| 2046 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [avoiding WinVerifyTrust]
|
|---|
| 2047 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae58b0000 LB 0x0017b000 C:\WINDOWS\system32\twinapi.appcore.dll [fFlags=0x0]
|
|---|
| 2048 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
|
|---|
| 2049 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2050 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2051 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2052 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2053 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2054 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2055 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2056 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 2057 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2058 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 2059 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2060 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2061 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rmclient.dll'...
|
|---|
| 2062 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rmclient.dll' -> '\Device\HarddiskVolume3\Windows\System32\rmclient.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2063 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rmclient.dll [lacks WinVerifyTrust]
|
|---|
| 2064 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2065 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2066 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2067 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2068 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rmclient.dll'
|
|---|
| 2069 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2070 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2071 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\twinapi.appcore.dll'
|
|---|
| 2072 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
|
|---|
| 2073 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2074 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae88f0000 'C:\WINDOWS\System32\MSCTF.dll'
|
|---|
| 2075 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2076 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2077 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2078 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2079 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea470000 'C:\WINDOWS\System32\ole32.dll'
|
|---|
| 2080 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2081 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2082 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\WINDOWS\System32\OLEAUT32.dll'
|
|---|
| 2083 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2084 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2085 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a50 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2086 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2087 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2088 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE2733DC030E44DCE443886E467FF179D2D68A91
|
|---|
| 2089 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
|
|---|
| 2090 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2091 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2092 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2093 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1146_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
|
|---|
| 2094 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2095 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2096 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 2097 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
|
|---|
| 2098 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
|
|---|
| 2099 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2100 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2101 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2102 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2103 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2104 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae4 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2105 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2106 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2107 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA3F9D85214DB0270185C719B931C69440BA9C18
|
|---|
| 2108 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2109 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2110 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
|
|---|
| 2111 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2112 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2113 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'bcrypt.dll'.
|
|---|
| 2114 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'ws2_32.dll'.
|
|---|
| 2115 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
|
|---|
| 2116 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2117 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2118 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2119 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2120 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2121 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2122 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2123 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2124 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2125 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 2126 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2127 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 2128 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2129 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2130 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2131 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2132 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2133 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadf4f0000 LB 0x00081000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0]
|
|---|
| 2134 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2135 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadf5b0000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
|
|---|
| 2136 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2137 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(API-MS-Win-Core-LocalRegistry-L1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2138 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2139 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 2140 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf5b0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
|
|---|
| 2141 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2142 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2143 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2144 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3E3EC800057E0E9FAFD03419437E41507961923
|
|---|
| 2145 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2146 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2147 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1146_for_KB4103727~31bf3856ad364e35~amd64~~10.0.1.8.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
|
|---|
| 2148 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2149 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2150 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 2151 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
|
|---|
| 2152 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2153 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2154 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2155 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2156 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2157 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2158 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2159 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadd030000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
|
|---|
| 2160 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2161 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd030000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
|
|---|
| 2162 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-0.dll) -> 0x0, fPresent=1
|
|---|
| 2163 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2164 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-l1-2-0.dll'
|
|---|
| 2165 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2166 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
|
|---|
| 2167 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7ce0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
|
|---|
| 2168 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2169 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2170 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b1c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2171 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2172 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2173 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=336CDD3C969CEFC6CE8D502298ED123FE8D2F483
|
|---|
| 2174 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2175 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2176 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package01~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
|
|---|
| 2177 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2178 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2179 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'wbemcomn.dll'.
|
|---|
| 2180 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
|
|---|
| 2181 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2182 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2183 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2184 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
|
|---|
| 2185 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2186 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2187 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2188 | 2f44.2ad4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2189 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffade340000 LB 0x000f0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
|
|---|
| 2190 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
|
|---|
| 2191 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffade340000 'C:\WINDOWS\system32\wbem\fastprox.dll'
|
|---|
| 2192 | 2f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2193 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2194 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
|
|---|
| 2195 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2196 | 2f44.1774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
|
|---|
| 2197 | 2f44.1774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2198 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2199 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2200 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
|
|---|
| 2201 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2202 | 2f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2203 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 2204 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2205 | 2f44.1774: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
|
|---|
| 2206 | 2f44.1774: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
|
|---|
| 2207 | 2f44.1774: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 2208 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2209 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2210 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2211 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2212 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2213 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2214 | 2f44.1774: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2215 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2216 | 2f44.1774: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2217 | 2f44.1774: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2218 | 2f44.1774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2219 | 2f44.1774: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 2220 | 2f44.1774: supR3HardenedDllNotificationCallback: load 0000000073d30000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
|
|---|
| 2221 | 2f44.1774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
|
|---|
| 2222 | 2f44.1774: supR3HardenedDllNotificationCallback: load 00007ffab18c0000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
|
|---|
| 2223 | 2f44.1774: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2224 | 2f44.1774: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffab18c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
|
|---|
| 2225 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2226 | 2f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2227 | 2f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2228 | 2f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2229 | 2f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2230 | 2f44.29b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 2231 | 2f44.29b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
|
|---|
| 2232 | 2f44.29b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2233 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2234 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2235 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2236 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2237 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2238 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2239 | 2f44.29b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2240 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2241 | 2f44.29b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2242 | 2f44.29b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2243 | 2f44.29b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2244 | 2f44.29b4: supR3HardenedDllNotificationCallback: load 00007ffae3cd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
|
|---|
| 2245 | 2f44.29b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2246 | 2f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae3cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
|
|---|
| 2247 | 2f44.29b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'C:\WINDOWS\system32\User32.dll'
|
|---|
| 2248 | 2f44.1b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2249 | 2f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2250 | 2f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2251 | 2f44.1b68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2252 | 2f44.1b68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
|
|---|
| 2253 | 2f44.1b68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2254 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2255 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2256 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2257 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2258 | 2f44.1b68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
|
|---|
| 2259 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2260 | 2f44.1b68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2261 | 2f44.1b68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2262 | 2f44.1b68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2263 | 2f44.1b68: supR3HardenedDllNotificationCallback: load 00007ffae2170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
|
|---|
| 2264 | 2f44.1b68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2265 | 2f44.1b68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2170000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
|
|---|
| 2266 | 2f44.2f50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2267 | 2f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2268 | 2f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2269 | 2f44.2f50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2270 | 2f44.2f50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
|
|---|
| 2271 | 2f44.2f50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2272 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2273 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2274 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2275 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2276 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2277 | 2f44.2f50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2278 | 2f44.2f50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2279 | 2f44.2f50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2280 | 2f44.2f50: supR3HardenedDllNotificationCallback: load 00007ffadd810000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
|
|---|
| 2281 | 2f44.2f50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2282 | 2f44.2f50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd810000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
|
|---|
| 2283 | 2f44.245c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2284 | 2f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2285 | 2f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2286 | 2f44.245c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2287 | 2f44.245c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
|
|---|
| 2288 | 2f44.245c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2289 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2290 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2291 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2292 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2293 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2294 | 2f44.245c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2295 | 2f44.245c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
|
|---|
| 2296 | 2f44.245c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2297 | 2f44.245c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2298 | 2f44.245c: supR3HardenedDllNotificationCallback: load 00007ffadd640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
|
|---|
| 2299 | 2f44.245c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2300 | 2f44.245c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd640000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
|
|---|
| 2301 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\Shell32.dll'
|
|---|
| 2302 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2303 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2304 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2305 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2306 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2307 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2308 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
|
|---|
| 2309 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
|
|---|
| 2310 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 2311 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 2312 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
|
|---|
| 2313 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
|
|---|
| 2314 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
|
|---|
| 2315 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
|
|---|
| 2316 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 2317 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 2318 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2319 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [redoing WinVerifyTrust]
|
|---|
| 2320 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2321 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2322 | 2f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
|
|---|
| 2323 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2324 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2325 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
|
|---|
| 2326 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2327 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2328 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2329 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 2330 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2331 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2332 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2333 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2334 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2335 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2336 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
|
|---|
| 2337 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'cfgmgr32.dll'.
|
|---|
| 2338 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
|
|---|
| 2339 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 2340 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2341 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2342 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
|
|---|
| 2343 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2344 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 2345 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2346 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
|
|---|
| 2347 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2348 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2349 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2350 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2351 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2352 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2353 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2354 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
|
|---|
| 2355 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 2356 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
|
|---|
| 2357 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2358 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2359 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2360 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2361 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2362 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2363 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2364 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2365 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2366 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 2367 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 2368 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
|
|---|
| 2369 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 2370 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2371 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2372 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2373 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2374 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2375 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2376 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2377 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2378 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2379 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 2380 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2381 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 2382 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2383 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2384 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2385 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2386 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2387 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2388 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2389 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 2390 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 2391 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 2392 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaeaab0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [fFlags=0x0]
|
|---|
| 2393 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 2394 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffac0990000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
|
|---|
| 2395 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
|
|---|
| 2396 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffabe440000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
|
|---|
| 2397 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 2398 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaac4e0000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
|
|---|
| 2399 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
|
|---|
| 2400 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaac4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
|
|---|
| 2401 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2402 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
|
|---|
| 2403 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2404 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaae400000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
|
|---|
| 2405 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2406 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
|
|---|
| 2407 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2408 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabe440000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
|
|---|
| 2409 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2410 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2411 | 2f44.2e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2412 | 2f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2413 | 2f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2414 | 2f44.2e20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2415 | 2f44.2e20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
|
|---|
| 2416 | 2f44.2e20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2417 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2418 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2419 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2420 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2421 | 2f44.2e20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
|
|---|
| 2422 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2423 | 2f44.2e20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2424 | 2f44.2e20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2425 | 2f44.2e20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2426 | 2f44.2e20: supR3HardenedDllNotificationCallback: load 00007ffadd630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
|
|---|
| 2427 | 2f44.2e20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2428 | 2f44.2e20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd630000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
|
|---|
| 2429 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2430 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2431 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae6850000 'C:\WINDOWS\system32\Iphlpapi.dll'
|
|---|
| 2432 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\winnsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2433 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\winnsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2434 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 2435 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
|
|---|
| 2436 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll)
|
|---|
| 2437 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
|
|---|
| 2438 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae8bd0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
|
|---|
| 2439 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2440 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2441 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
|
|---|
| 2442 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
|
|---|
| 2443 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1f20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0]
|
|---|
| 2444 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
|
|---|
| 2445 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2446 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2447 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 2448 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll)
|
|---|
| 2449 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2450 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1460000 LB 0x00016000 C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
|
|---|
| 2451 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
|
|---|
| 2452 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2453 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2454 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 2455 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
|
|---|
| 2456 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
|
|---|
| 2457 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll)
|
|---|
| 2458 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
|
|---|
| 2459 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae1440000 LB 0x0001a000 C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
|
|---|
| 2460 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
|
|---|
| 2461 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll
|
|---|
| 2462 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2463 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2464 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0979042666D2FF6A450082A737154F788178270
|
|---|
| 2465 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 2466 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2467 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 2468 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2469 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2470 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
|
|---|
| 2471 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2472 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2473 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2474 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2475 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 2476 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2477 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
|
|---|
| 2478 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2479 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2480 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2481 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2482 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
|
|---|
| 2483 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2484 | 2f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc.dll'
|
|---|
| 2485 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd4 pwszName=\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2486 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2487 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2488 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=839F90BCFF138802B805D9F6439239CC98023804
|
|---|
| 2489 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2490 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2491 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 2492 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2493 | 2f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 2494 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2495 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2496 | 2f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
|
|---|
| 2497 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2498 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2499 | 2f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
|
|---|
| 2500 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2501 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2502 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2503 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2504 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2505 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 2506 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'devobj.dll'.
|
|---|
| 2507 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'propsys.dll'.
|
|---|
| 2508 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
|
|---|
| 2509 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2510 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 2511 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2512 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\propsys.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2513 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\propsys.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2514 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2515 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2516 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2517 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
|
|---|
| 2518 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
|
|---|
| 2519 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
|
|---|
| 2520 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2521 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 2522 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2523 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2524 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2525 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2526 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2527 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2528 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2529 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
|
|---|
| 2530 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2531 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2532 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
|
|---|
| 2533 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2534 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
|
|---|
| 2535 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2536 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2537 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'cfgmgr32.dll'.
|
|---|
| 2538 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
|
|---|
| 2539 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 2540 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2541 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2542 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2543 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2544 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 2545 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2546 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
|
|---|
| 2547 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2548 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2549 | 2f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
|
|---|
| 2550 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2551 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2552 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 2553 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2554 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae7040000 LB 0x00027000 C:\WINDOWS\System32\DEVOBJ.dll [fFlags=0x0]
|
|---|
| 2555 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
|
|---|
| 2556 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae37c0000 LB 0x001b1000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
|
|---|
| 2557 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 2558 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadf620000 LB 0x0006f000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
|
|---|
| 2559 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2560 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf620000 'C:\WINDOWS\System32\MMDevApi.dll'
|
|---|
| 2561 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dsound.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2562 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\dsound.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2563 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c10 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2564 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2565 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2566 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=149E0A5A40CD1471B9EF3D3043A8C754805FEC76
|
|---|
| 2567 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2568 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2569 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
|
|---|
| 2570 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2571 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2572 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'winmm.dll'.
|
|---|
| 2573 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
|
|---|
| 2574 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2575 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2576 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2577 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2578 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2579 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2580 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 2581 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2582 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffabbcf0000 LB 0x0008f000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
|
|---|
| 2583 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2584 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2585 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2586 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\System32\dsound.dll'
|
|---|
| 2587 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\System32\dsound.dll'
|
|---|
| 2588 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2589 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2590 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 2591 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2592 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2593 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadf620000 'C:\WINDOWS\System32\MMDEVAPI.DLL'
|
|---|
| 2594 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2595 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 2596 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2597 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2598 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2599 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d30 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2600 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2601 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2602 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47392EB8EC6AC07C788B971D8BB592B6FD619920
|
|---|
| 2603 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2604 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2605 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
|
|---|
| 2606 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2607 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2608 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mmdevapi.dll'.
|
|---|
| 2609 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'ksuser.dll'.
|
|---|
| 2610 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'avrt.dll'.
|
|---|
| 2611 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
|
|---|
| 2612 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2613 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 2614 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2615 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\avrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2616 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\avrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2617 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2618 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2619 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
|
|---|
| 2620 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 2621 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
|
|---|
| 2622 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2623 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\ksuser.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2624 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\ksuser.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2625 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2626 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2627 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2628 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
|
|---|
| 2629 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 2630 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 2631 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2632 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2633 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2634 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2635 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2636 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2637 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2638 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2639 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 2640 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 2641 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae14a0000 LB 0x00009000 C:\WINDOWS\SYSTEM32\ksuser.dll [fFlags=0x0]
|
|---|
| 2642 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
|
|---|
| 2643 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae2c80000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\AVRT.dll [fFlags=0x0]
|
|---|
| 2644 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 2645 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffaca470000 LB 0x00042000 C:\WINDOWS\System32\wdmaud.drv [fFlags=0x0]
|
|---|
| 2646 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2647 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2648 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2649 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2650 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2651 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2652 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2653 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2654 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2655 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2656 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2657 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2658 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2659 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2660 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2661 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2662 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2663 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2664 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
|
|---|
| 2665 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
|
|---|
| 2666 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
|
|---|
| 2667 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'mmdevapi.dll'.
|
|---|
| 2668 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #56 'avrt.dll'.
|
|---|
| 2669 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
|
|---|
| 2670 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 2671 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 2672 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2673 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
|
|---|
| 2674 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 2675 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2676 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2677 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2678 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2679 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2680 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2681 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
|
|---|
| 2682 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2683 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [redoing WinVerifyTrust]
|
|---|
| 2684 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2685 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2686 | 2f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll'
|
|---|
| 2687 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2688 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 2689 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
|
|---|
| 2690 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
|
|---|
| 2691 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'bcryptprimitives.dll'.
|
|---|
| 2692 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WinTypes.dll)
|
|---|
| 2693 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WinTypes.dll
|
|---|
| 2694 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffae2dc0000 LB 0x00136000 C:\WINDOWS\SYSTEM32\wintypes.dll [fFlags=0x0]
|
|---|
| 2695 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WinTypes.dll [avoiding WinVerifyTrust]
|
|---|
| 2696 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffad0c40000 LB 0x00122000 C:\WINDOWS\System32\AUDIOSES.DLL [fFlags=0x0]
|
|---|
| 2697 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
|
|---|
| 2698 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0c40000 'C:\WINDOWS\System32\AUDIOSES.DLL'
|
|---|
| 2699 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
|
|---|
| 2700 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2701 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
|
|---|
| 2702 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2703 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2704 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
|
|---|
| 2705 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2706 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll
|
|---|
| 2707 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2708 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2709 | 2f44.153c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WinTypes.dll'
|
|---|
| 2710 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2711 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2712 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2713 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
|
|---|
| 2714 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2715 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2716 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaca470000 'C:\WINDOWS\System32\wdmaud.drv'
|
|---|
| 2717 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2718 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2719 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d7c pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2720 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2721 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2722 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8069FA07F8A743E03BD7E2DA392DE4429701D8E6
|
|---|
| 2723 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2724 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2725 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
|
|---|
| 2726 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2727 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2728 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'mmdevapi.dll'.
|
|---|
| 2729 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'msacm32.dll'.
|
|---|
| 2730 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmmbase.dll'.
|
|---|
| 2731 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
|
|---|
| 2732 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2733 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
|
|---|
| 2734 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2735 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmmbase.dll [redoing WinVerifyTrust]
|
|---|
| 2736 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2737 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2738 | 2f44.153c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\winmmbase.dll'
|
|---|
| 2739 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
|
|---|
| 2740 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2741 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2742 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\msacm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2743 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2744 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2745 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2746 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
|
|---|
| 2747 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 2748 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 2749 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2750 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
|
|---|
| 2751 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2752 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2753 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2754 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2755 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2756 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2757 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 2758 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffad7ce0000 LB 0x0001c000 C:\WINDOWS\SYSTEM32\MSACM32.dll [fFlags=0x0]
|
|---|
| 2759 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
|
|---|
| 2760 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadd060000 LB 0x0000c000 C:\WINDOWS\System32\msacm32.drv [fFlags=0x0]
|
|---|
| 2761 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2762 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2763 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2764 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2765 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2766 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2767 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2768 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2769 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2770 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2771 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2772 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2773 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2774 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2775 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2776 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2777 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2778 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
|
|---|
| 2779 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2780 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2781 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2782 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2783 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd060000 'C:\WINDOWS\System32\msacm32.drv'
|
|---|
| 2784 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\midimap.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2785 | 2f44.153c: \Device\HarddiskVolume3\Windows\System32\midimap.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2786 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001084 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2787 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2788 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2789 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=725292B88FCE45C617EE0258A333B14CA2D7EF04
|
|---|
| 2790 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2791 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2792 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
|
|---|
| 2793 | 2f44.153c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2794 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2795 | 2f44.153c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winmm.dll'.
|
|---|
| 2796 | 2f44.153c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
|
|---|
| 2797 | 2f44.153c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2798 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2799 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2800 | 2f44.153c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2801 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2802 | 2f44.153c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2803 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2804 | 2f44.153c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2805 | 2f44.153c: supR3HardenedDllNotificationCallback: load 00007ffadd050000 LB 0x0000a000 C:\WINDOWS\System32\midimap.dll [fFlags=0x0]
|
|---|
| 2806 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2807 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 2808 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2809 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2810 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 2811 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2812 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2813 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 2814 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
|
|---|
| 2815 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000001001:<flags> [calling]
|
|---|
| 2816 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffadd050000 'C:\WINDOWS\System32\midimap.dll'
|
|---|
| 2817 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2818 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2819 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2820 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2821 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2822 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2823 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2824 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2825 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 2826 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2827 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2828 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2829 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 2830 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
|
|---|
| 2831 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2832 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2833 | 2f44.153c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
|
|---|
| 2834 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2835 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffabbcf0000 'C:\WINDOWS\system32\dsound.dll'
|
|---|
| 2836 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2837 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2838 | 2f44.153c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae51a0000 'C:\WINDOWS\System32\winmm.dll'
|
|---|
| 2839 | 2f44.2124: \Device\HarddiskVolume3\Windows\System32\tzres.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2840 | 2f44.2124: \Device\HarddiskVolume3\Windows\System32\tzres.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2841 | 2f44.2124: '\Device\HarddiskVolume3\Windows\System32\tzres.dll' has no imports
|
|---|
| 2842 | 2f44.2124: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\tzres.dll)
|
|---|
| 2843 | 2f44.2124: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\tzres.dll
|
|---|
| 2844 | 2f44.2124: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000012c8 (hFile=000000000000131c) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 2845 | 2f44.2124: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
|
|---|
| 2846 | 2f44.2124: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 000000000000131c (hFile=00000000000012c8) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 2847 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012d0 pwszName=\Device\HarddiskVolume3\Windows\System32\tzres.dll
|
|---|
| 2848 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 2849 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 2850 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCD6851397609F5A60EB791379F579F266921FA4
|
|---|
| 2851 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2852 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2853 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_638_for_KB4093112~31bf3856ad364e35~amd64~~10.0.1.3.cat'; file='\Device\HarddiskVolume3\Windows\System32\tzres.dll'
|
|---|
| 2854 | 2f44.2ad4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2855 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\tzres.dll'
|
|---|
| 2856 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2857 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2858 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2859 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2860 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 2861 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2862 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2863 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2864 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2865 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2866 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2867 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'coreuicomponents.dll'.
|
|---|
| 2868 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'coremessaging.dll'.
|
|---|
| 2869 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll)
|
|---|
| 2870 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll
|
|---|
| 2871 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2872 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2873 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2874 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'coremessaging.dll'.
|
|---|
| 2875 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'shcore.dll'.
|
|---|
| 2876 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll)
|
|---|
| 2877 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll
|
|---|
| 2878 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2879 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2880 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2881 | 2f44.2ad4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
|
|---|
| 2882 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll)
|
|---|
| 2883 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll
|
|---|
| 2884 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2885 | 2f44.2ad4: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2886 | 2f44.2ad4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntmarta.dll)
|
|---|
| 2887 | 2f44.2ad4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntmarta.dll
|
|---|
| 2888 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae63c0000 LB 0x00031000 C:\WINDOWS\SYSTEM32\ntmarta.dll [fFlags=0x0]
|
|---|
| 2889 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
|
|---|
| 2890 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae4610000 LB 0x000dc000 C:\WINDOWS\System32\CoreMessaging.dll [fFlags=0x0]
|
|---|
| 2891 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [avoiding WinVerifyTrust]
|
|---|
| 2892 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffae2860000 LB 0x002ee000 C:\WINDOWS\System32\CoreUIComponents.dll [fFlags=0x0]
|
|---|
| 2893 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [avoiding WinVerifyTrust]
|
|---|
| 2894 | 2f44.2ad4: supR3HardenedDllNotificationCallback: load 00007ffadb370000 LB 0x00098000 C:\WINDOWS\System32\TextInputFramework.dll [fFlags=0x0]
|
|---|
| 2895 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll [avoiding WinVerifyTrust]
|
|---|
| 2896 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2897 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2898 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2899 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2900 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 2901 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2902 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 2903 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2904 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2905 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2906 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2907 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2908 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coremessaging.dll'...
|
|---|
| 2909 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coremessaging.dll' -> '\Device\HarddiskVolume3\Windows\System32\coremessaging.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2910 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll [lacks WinVerifyTrust]
|
|---|
| 2911 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'coreuicomponents.dll'...
|
|---|
| 2912 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'coreuicomponents.dll' -> '\Device\HarddiskVolume3\Windows\System32\coreuicomponents.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2913 | 2f44.2ad4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll [lacks WinVerifyTrust]
|
|---|
| 2914 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2915 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2916 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2917 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7340000 'C:\Windows\System32\WINTRUST.DLL'
|
|---|
| 2918 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\CRYPT32.dll'
|
|---|
| 2919 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2920 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ntmarta.dll'
|
|---|
| 2921 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2922 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2923 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreMessaging.dll'
|
|---|
| 2924 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2925 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2926 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\CoreUIComponents.dll'
|
|---|
| 2927 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 2928 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 2929 | 2f44.2ad4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\TextInputFramework.dll'
|
|---|
| 2930 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2931 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2932 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2933 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2934 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2935 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2936 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaea220000 'C:\WINDOWS\System32\OLEAUT32.DLL'
|
|---|
| 2937 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2938 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2939 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll'
|
|---|
| 2940 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2941 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2942 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8be0000 'ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll'
|
|---|
| 2943 | 2f44.2ad4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-com-l1-1-0.dll) -> 0x0, fPresent=1
|
|---|
| 2944 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-com-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 2945 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae85e0000 'api-ms-win-core-com-l1-1-0.dll'
|
|---|
| 2946 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
|
|---|
| 2947 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
|
|---|
| 2948 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
|
|---|
| 2949 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
|
|---|
| 2950 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
|
|---|
| 2951 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
|
|---|
| 2952 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
|
|---|
| 2953 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
|
|---|
| 2954 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\System32\thai.dll': 0 (NtPath=\??\C:\WINDOWS\System32\thai.dll; Input=thai.dll; rcNtGetDll=0xc0000135
|
|---|
| 2955 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\System32\thai.dll'
|
|---|
| 2956 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2957 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 2958 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\cldapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2959 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\cldapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2960 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'fltlib.dll'.
|
|---|
| 2961 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'aepic.dll'.
|
|---|
| 2962 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cldapi.dll)
|
|---|
| 2963 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cldapi.dll
|
|---|
| 2964 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\fltLib.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 2965 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\fltLib.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2966 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\fltLib.dll)
|
|---|
| 2967 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\fltLib.dll
|
|---|
| 2968 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2969 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
|
|---|
| 2970 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'bcrypt.dll'.
|
|---|
| 2971 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\aepic.dll)
|
|---|
| 2972 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\aepic.dll
|
|---|
| 2973 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad5580000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\FLTLIB.DLL [fFlags=0x0]
|
|---|
| 2974 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [avoiding WinVerifyTrust]
|
|---|
| 2975 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad19d0000 LB 0x00044000 C:\WINDOWS\SYSTEM32\AEPIC.dll [fFlags=0x0]
|
|---|
| 2976 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\aepic.dll [avoiding WinVerifyTrust]
|
|---|
| 2977 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad1a20000 LB 0x00019000 C:\WINDOWS\SYSTEM32\CLDAPI.dll [fFlags=0x0]
|
|---|
| 2978 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cldapi.dll [avoiding WinVerifyTrust]
|
|---|
| 2979 | 2f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\aepic.dll'.
|
|---|
| 2980 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\aepic.dll' [rescheduled]
|
|---|
| 2981 | 2f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
|
|---|
| 2982 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\fltLib.dll' [rescheduled]
|
|---|
| 2983 | 2f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cldapi.dll'.
|
|---|
| 2984 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cldapi.dll' [rescheduled]
|
|---|
| 2985 | 2f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
|
|---|
| 2986 | 2f44.11fc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
|
|---|
| 2987 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll)
|
|---|
| 2988 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 2989 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 2990 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2991 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
|
|---|
| 2992 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2993 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2994 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2995 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2996 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'aepic.dll'...
|
|---|
| 2997 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'aepic.dll' -> '\Device\HarddiskVolume3\Windows\System32\aepic.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2998 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\aepic.dll [redoing WinVerifyTrust]
|
|---|
| 2999 | 2f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\aepic.dll'.
|
|---|
| 3000 | 2f44.11fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\aepic.dll
|
|---|
| 3001 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fltlib.dll'...
|
|---|
| 3002 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'fltlib.dll' -> '\Device\HarddiskVolume3\Windows\System32\fltlib.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3003 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\fltLib.dll [redoing WinVerifyTrust]
|
|---|
| 3004 | 2f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\fltLib.dll'.
|
|---|
| 3005 | 2f44.11fc: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\fltLib.dll
|
|---|
| 3006 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3007 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
|
|---|
| 3008 | 2f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
|
|---|
| 3009 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' [rescheduled]
|
|---|
| 3010 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3011 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\propsys.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3012 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae37c0000 'C:\WINDOWS\system32\propsys.dll'
|
|---|
| 3013 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll [redoing WinVerifyTrust]
|
|---|
| 3014 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3015 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3016 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\windows.storage.dll'
|
|---|
| 3017 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Windows.Storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3018 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7590000 'C:\WINDOWS\system32\Windows.Storage.dll'
|
|---|
| 3019 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
|
|---|
| 3020 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windows.storage.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3021 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae7590000 'C:\WINDOWS\system32\windows.storage.dll'
|
|---|
| 3022 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3023 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3024 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3025 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
|
|---|
| 3026 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
|
|---|
| 3027 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll) WinVerifyTrust
|
|---|
| 3028 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
|
|---|
| 3029 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3030 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3031 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3032 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3033 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3034 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3035 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 3036 | 2f44.11fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
|
|---|
| 3037 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffad4f40000 LB 0x00269000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll [fFlags=0x0]
|
|---|
| 3038 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
|
|---|
| 3039 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4f40000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll'
|
|---|
| 3040 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll
|
|---|
| 3041 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000004001:<flags> [calling]
|
|---|
| 3042 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad4f40000 'C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.431_none_15c7d3ee93659e73\comctl32.dll'
|
|---|
| 3043 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3044 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3045 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3046 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 3047 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll)
|
|---|
| 3048 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
|
|---|
| 3049 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae2f00000 LB 0x001ab000 C:\WINDOWS\SYSTEM32\WindowsCodecs.dll [fFlags=0x0]
|
|---|
| 3050 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll [avoiding WinVerifyTrust]
|
|---|
| 3051 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3052 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3053 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3054 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3055 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3056 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3057 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll'
|
|---|
| 3058 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3059 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3060 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3061 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3062 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
|
|---|
| 3063 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
|
|---|
| 3064 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae5380000 LB 0x00088000 C:\WINDOWS\SYSTEM32\apphelp.dll [fFlags=0x0]
|
|---|
| 3065 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [avoiding WinVerifyTrust]
|
|---|
| 3066 | 2f44.11fc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\apphelp.dll'.
|
|---|
| 3067 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\apphelp.dll' [rescheduled]
|
|---|
| 3068 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdll.dll [redoing WinVerifyTrust]
|
|---|
| 3069 | 2f44.11fc: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Windows\System32\ntdll.dll'.
|
|---|
| 3070 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume3\Windows\System32\ntdll.dll
|
|---|
| 3071 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 3072 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffaeaf40000 'C:\WINDOWS\System32\ntdll.dll'
|
|---|
| 3073 | 2f44.2a48: \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3074 | 2f44.2a48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll)
|
|---|
| 3075 | 2f44.2a48: Error (rc=0):
|
|---|
| 3076 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll'.
|
|---|
| 3077 | 2f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
|
|---|
| 3078 | 2f44.2a48: Error (rc=0):
|
|---|
| 3079 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
|
|---|
| 3080 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
|
|---|
| 3081 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll [lacks WinVerifyTrust]
|
|---|
| 3082 | 2f44.2a48: Error (rc=0):
|
|---|
| 3083 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
|
|---|
| 3084 | 2f44.2a48: Error (rc=0):
|
|---|
| 3085 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
|
|---|
| 3086 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
|
|---|
| 3087 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll [lacks WinVerifyTrust]
|
|---|
| 3088 | 2f44.2a48: Error (rc=0):
|
|---|
| 3089 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\ProgramData\MEGAsync\ShellExtX64.dll
|
|---|
| 3090 | 2f44.2a48: Error (rc=0):
|
|---|
| 3091 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\ProgramData\MEGAsync\ShellExtX64.dll' (C:\ProgramData\MEGAsync\ShellExtX64.dll): rcNt=0xc0000190
|
|---|
| 3092 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\ProgramData\MEGAsync\ShellExtX64.dll'
|
|---|
| 3093 | 2f44.2a48: \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3094 | 2f44.2a48: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll)
|
|---|
| 3095 | 2f44.2a48: Error (rc=0):
|
|---|
| 3096 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'.
|
|---|
| 3097 | 2f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3098 | 2f44.2a48: Error (rc=0):
|
|---|
| 3099 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3100 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3101 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3102 | 2f44.2a48: Error (rc=0):
|
|---|
| 3103 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3104 | 2f44.2a48: Error (rc=0):
|
|---|
| 3105 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3106 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3107 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3108 | 2f44.2a48: Error (rc=0):
|
|---|
| 3109 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3110 | 2f44.2a48: Error (rc=0):
|
|---|
| 3111 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3112 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3113 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3114 | 2f44.2a48: Error (rc=0):
|
|---|
| 3115 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3116 | 2f44.2a48: Error (rc=0):
|
|---|
| 3117 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3118 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3119 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3120 | 2f44.2a48: Error (rc=0):
|
|---|
| 3121 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3122 | 2f44.2a48: Error (rc=0):
|
|---|
| 3123 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3124 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3125 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -5667 (0xffffe9dd)) on \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll [lacks WinVerifyTrust]
|
|---|
| 3126 | 2f44.2a48: Error (rc=0):
|
|---|
| 3127 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume3\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll
|
|---|
| 3128 | 2f44.2a48: Error (rc=0):
|
|---|
| 3129 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll' (C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll): rcNt=0xc0000190
|
|---|
| 3130 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Users\SUPERNOOB20\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll'
|
|---|
| 3131 | 2f44.2a48: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3132 | 2f44.2a48: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3133 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b48 pwszName=\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3134 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 3135 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 3136 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3395EEF5B8F5F6F8D85A6FC3DFB1F43861DD917C
|
|---|
| 3137 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3138 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3139 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0017~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll'
|
|---|
| 3140 | 2f44.2a48: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3141 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3142 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3143 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 3144 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
|
|---|
| 3145 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 3146 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 3147 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
|
|---|
| 3148 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
|
|---|
| 3149 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'comctl32.dll'.
|
|---|
| 3150 | 2f44.2a48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'setupapi.dll'.
|
|---|
| 3151 | 2f44.2a48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\EhStorShell.dll) WinVerifyTrust
|
|---|
| 3152 | 2f44.2a48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3153 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3154 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3155 | 2f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
|
|---|
| 3156 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 3157 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
|
|---|
| 3158 | 2f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comctl32.dll [redoing WinVerifyTrust]
|
|---|
| 3159 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3160 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3161 | 2f44.2a48: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
|
|---|
| 3162 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 3163 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3164 | 2f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
|
|---|
| 3165 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 3166 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3167 | 2f44.2a48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
|
|---|
| 3168 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 3169 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3170 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3171 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3172 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3173 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3174 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3175 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3176 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3177 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3178 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3179 | 2f44.2a48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3180 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\EhStorShell.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3181 | 2f44.2a48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3182 | 2f44.2a48: supR3HardenedDllNotificationCallback: load 00007ffad0e90000 LB 0x00036000 C:\Windows\System32\EhStorShell.dll [fFlags=0x0]
|
|---|
| 3183 | 2f44.2a48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\EhStorShell.dll
|
|---|
| 3184 | 2f44.2a48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffad0e90000 'C:\Windows\System32\EhStorShell.dll'
|
|---|
| 3185 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\Windows\System32\shell32.dll'
|
|---|
| 3186 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\System32\shell32.dll'
|
|---|
| 3187 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\System32\shell32.dll'
|
|---|
| 3188 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3189 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3190 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3191 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3192 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3193 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shcore.dll'.
|
|---|
| 3194 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 3195 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\thumbcache.dll) WinVerifyTrust
|
|---|
| 3196 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 3197 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3198 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3199 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
|
|---|
| 3200 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
|
|---|
| 3201 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume3\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3202 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\SHCore.dll
|
|---|
| 3203 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3204 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3205 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\thumbcache.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3206 | 2f44.11fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 3207 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae2240000 LB 0x0005b000 C:\Windows\System32\thumbcache.dll [fFlags=0x0]
|
|---|
| 3208 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\thumbcache.dll
|
|---|
| 3209 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2240000 'C:\Windows\System32\thumbcache.dll'
|
|---|
| 3210 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\imageres.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3211 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\imageres.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3212 | 2f44.11fc: '\Device\HarddiskVolume3\Windows\System32\imageres.dll' has no imports
|
|---|
| 3213 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imageres.dll)
|
|---|
| 3214 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imageres.dll
|
|---|
| 3215 | 2f44.11fc: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000001008 (hFile=0000000000000d2c) with 0xc0000022 -> STATUS_TRUST_FAILURE
|
|---|
| 3216 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\policymanager.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3217 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\policymanager.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3218 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp110_win.dll'.
|
|---|
| 3219 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 3220 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
|
|---|
| 3221 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\policymanager.dll)
|
|---|
| 3222 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\policymanager.dll
|
|---|
| 3223 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 8d a6 8b 54 87 8e 35 be 3c 1d 7f e7 e9 03 00 00)
|
|---|
| 3224 | 2f44.11fc: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3225 | 2f44.11fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3226 | 2f44.11fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll)
|
|---|
| 3227 | 2f44.11fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll
|
|---|
| 3228 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffae3c10000 LB 0x00090000 C:\WINDOWS\SYSTEM32\msvcp110_win.dll [fFlags=0x0]
|
|---|
| 3229 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [avoiding WinVerifyTrust]
|
|---|
| 3230 | 2f44.11fc: supR3HardenedDllNotificationCallback: load 00007ffadf740000 LB 0x0007a000 C:\WINDOWS\SYSTEM32\policymanager.dll [fFlags=0x0]
|
|---|
| 3231 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\policymanager.dll [avoiding WinVerifyTrust]
|
|---|
| 3232 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3233 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3234 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3235 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3236 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3237 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3238 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp110_win.dll'...
|
|---|
| 3239 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp110_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3240 | 2f44.11fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll [lacks WinVerifyTrust]
|
|---|
| 3241 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3242 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3243 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcp110_win.dll'
|
|---|
| 3244 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3245 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3246 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\policymanager.dll'
|
|---|
| 3247 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001010 pwszName=\Device\HarddiskVolume3\Windows\System32\imageres.dll
|
|---|
| 3248 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002abecc0
|
|---|
| 3249 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002abecc0
|
|---|
| 3250 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=036FA6C7BD3AA838299F5D4D956B85E8A37C2648
|
|---|
| 3251 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae66c0000 'C:\WINDOWS\system32\rsaenh.dll'
|
|---|
| 3252 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8240000 'C:\WINDOWS\System32\crypt32.dll'
|
|---|
| 3253 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package02~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\Device\HarddiskVolume3\Windows\System32\imageres.dll'
|
|---|
| 3254 | 2f44.11fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3255 | 2f44.11fc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imageres.dll'
|
|---|
| 3256 | 2f44.11fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\WindowsCodecs.dll
|
|---|
| 3257 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\windowscodecs.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000002009:<flags> [calling]
|
|---|
| 3258 | 2f44.11fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae2f00000 'C:\WINDOWS\system32\windowscodecs.dll'
|
|---|
| 3259 | 2f44.2ad4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
|
|---|
| 3260 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
|
|---|
| 3261 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3262 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3263 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3264 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3265 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3266 | 2f44.2ad4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffae8d70000 'C:\WINDOWS\system32\shell32.dll'
|
|---|
| 3267 | 2f44.2a48: supR3HardenedDllNotificationCallback: Unload 00007ffad0e90000 LB 0x00036000 C:\Windows\System32\EhStorShell.dll [flags=0x0]
|
|---|
| 3268 | 2f44.2e20: supR3HardenedDllNotificationCallback: Unload 00007ffadd630000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
|
|---|
| 3269 | 2f44.245c: supR3HardenedDllNotificationCallback: Unload 00007ffadd640000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
|
|---|
| 3270 | 2f44.2f50: supR3HardenedDllNotificationCallback: Unload 00007ffadd810000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
|
|---|
| 3271 | 2f44.1b68: supR3HardenedDllNotificationCallback: Unload 00007ffae2170000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
|
|---|
| 3272 | 2f44.29b4: supR3HardenedDllNotificationCallback: Unload 00007ffae3cd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
|
|---|
| 3273 | 2f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffaac4e0000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
|
|---|
| 3274 | 2f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffac0990000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
|
|---|
| 3275 | 2f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffabe440000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
|
|---|
| 3276 | 2f44.153c: supR3HardenedDllNotificationCallback: Unload 00007ffaeaab0000 LB 0x0044e000 C:\WINDOWS\System32\SETUPAPI.dll [flags=0x0]
|
|---|
| 3277 | 2f44.2ad4: Terminating the normal way: rcExit=0
|
|---|
| 3278 | 1a70.1930: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1052372 ms, the end);
|
|---|
| 3279 | 1158.2bcc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1053450 ms, the end);
|
|---|