| 1 | 12d8.1364: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
|
|---|
| 2 | 12d8.1364: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 12d8.1364: CreationTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 4 | 12d8.1364: LastWriteTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 5 | 12d8.1364: ChangeTime: 2016-10-25T11:50:22.928484300Z
|
|---|
| 6 | 12d8.1364: FileAttributes: 0x20
|
|---|
| 7 | 12d8.1364: Size: 0x1a6d60
|
|---|
| 8 | 12d8.1364: NT Headers: 0xe0
|
|---|
| 9 | 12d8.1364: Timestamp: 0x4ce7c8f9
|
|---|
| 10 | 12d8.1364: Machine: 0x8664 - amd64
|
|---|
| 11 | 12d8.1364: Timestamp: 0x4ce7c8f9
|
|---|
| 12 | 12d8.1364: Image Version: 6.1
|
|---|
| 13 | 12d8.1364: SizeOfImage: 0x1a9000 (1740800)
|
|---|
| 14 | 12d8.1364: Resource Dir: 0x151000 LB 0x560d8
|
|---|
| 15 | 12d8.1364: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 12d8.1364: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 12d8.1364: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 12d8.1364: ProductVersion: 6.1.7601.17514
|
|---|
| 19 | 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 20 | 12d8.1364: FileDescription: NT Layer DLL
|
|---|
| 21 | 12d8.1364: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 12d8.1364: CreationTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 23 | 12d8.1364: LastWriteTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 24 | 12d8.1364: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 25 | 12d8.1364: FileAttributes: 0x20
|
|---|
| 26 | 12d8.1364: Size: 0x11b800
|
|---|
| 27 | 12d8.1364: NT Headers: 0xe8
|
|---|
| 28 | 12d8.1364: Timestamp: 0x4ce7c78b
|
|---|
| 29 | 12d8.1364: Machine: 0x8664 - amd64
|
|---|
| 30 | 12d8.1364: Timestamp: 0x4ce7c78b
|
|---|
| 31 | 12d8.1364: Image Version: 6.1
|
|---|
| 32 | 12d8.1364: SizeOfImage: 0x11f000 (1175552)
|
|---|
| 33 | 12d8.1364: Resource Dir: 0x116000 LB 0x528
|
|---|
| 34 | 12d8.1364: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 12d8.1364: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 12d8.1364: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 12d8.1364: ProductVersion: 6.1.7601.17514
|
|---|
| 38 | 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 39 | 12d8.1364: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 12d8.1364: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 12d8.1364: CreationTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 42 | 12d8.1364: LastWriteTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 43 | 12d8.1364: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 44 | 12d8.1364: FileAttributes: 0x20
|
|---|
| 45 | 12d8.1364: Size: 0x66800
|
|---|
| 46 | 12d8.1364: NT Headers: 0xf0
|
|---|
| 47 | 12d8.1364: Timestamp: 0x4ce7c78c
|
|---|
| 48 | 12d8.1364: Machine: 0x8664 - amd64
|
|---|
| 49 | 12d8.1364: Timestamp: 0x4ce7c78c
|
|---|
| 50 | 12d8.1364: Image Version: 6.1
|
|---|
| 51 | 12d8.1364: SizeOfImage: 0x6b000 (438272)
|
|---|
| 52 | 12d8.1364: Resource Dir: 0x69000 LB 0x530
|
|---|
| 53 | 12d8.1364: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 12d8.1364: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 12d8.1364: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 12d8.1364: ProductVersion: 6.1.7601.17514
|
|---|
| 57 | 12d8.1364: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 58 | 12d8.1364: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 12d8.1364: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 12d8.1364: CreationTime: 2009-07-13T23:18:54.866423200Z
|
|---|
| 61 | 12d8.1364: LastWriteTime: 2009-07-14T01:24:53.779000000Z
|
|---|
| 62 | 12d8.1364: ChangeTime: 2016-10-25T11:50:24.660087300Z
|
|---|
| 63 | 12d8.1364: FileAttributes: 0x20
|
|---|
| 64 | 12d8.1364: Size: 0x1a00
|
|---|
| 65 | 12d8.1364: NT Headers: 0xc0
|
|---|
| 66 | 12d8.1364: Timestamp: 0x4a5bdeab
|
|---|
| 67 | 12d8.1364: Machine: 0x8664 - amd64
|
|---|
| 68 | 12d8.1364: Timestamp: 0x4a5bdeab
|
|---|
| 69 | 12d8.1364: Image Version: 6.1
|
|---|
| 70 | 12d8.1364: SizeOfImage: 0x50000 (327680)
|
|---|
| 71 | 12d8.1364: Resource Dir: 0x30000 LB 0x3f0
|
|---|
| 72 | 12d8.1364: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 12d8.1364: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 12d8.1364: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 12d8.1364: ProductVersion: 6.1.7600.16385
|
|---|
| 76 | 12d8.1364: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
|
|---|
| 77 | 12d8.1364: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 12d8.1364: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 79 | 12d8.1364: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 80 | 12d8.1364: Calling main()
|
|---|
| 81 | 12d8.1364: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 82 | 12d8.1364: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 83 | 12d8.1364: SUPR3HardenedMain: Respawn #1
|
|---|
| 84 | 12d8.1364: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 85 | 12d8.1364: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 86 | 12d8.1364: KnownDllPath: C:\Windows\system32
|
|---|
| 87 | 12d8.1364: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 88 | 12d8.1364: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe)
|
|---|
| 89 | 12d8.1364: supR3HardNtEnableThreadCreation:
|
|---|
| 90 | 12d8.1364: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840
|
|---|
| 91 | 12d8.1364: supR3HardenedWinDoReSpawn(1): New child e7c.df4 [kernel32].
|
|---|
| 92 | 12d8.1364: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
|
|---|
| 93 | 12d8.1364: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077100000 uNtDllChildAddr=0000000077100000
|
|---|
| 94 | 12d8.1364: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007712c320
|
|---|
| 95 | 12d8.1364: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 96 | 12d8.1364: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 97 | 12d8.1364: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
|
|---|
| 98 | 12d8.1364: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 138 | 12d8.1364: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
|
|---|
| 139 | 12d8.1364: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS)
|
|---|
| 140 | 12d8.1364: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 141 | 12d8.1364: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 142 | 12d8.1364: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 143 | 12d8.1364: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
|
|---|
| 144 | 12d8.1364: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 145 | 12d8.1364: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 146 | 12d8.1364: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 147 | 12d8.1364: supR3HardNtChildPurify: Done after 318 ms and 0 fixes (loop #0).
|
|---|
| 148 | e7c.df4: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
|
|---|
| 149 | e7c.df4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077100000 g_uNtVerCombined=0x611db100
|
|---|
| 150 | e7c.df4: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
|
|---|
| 151 | e7c.df4: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation)
|
|---|
| 152 | 12d8.1364: supR3HardNtEnableThreadCreation:
|
|---|
| 153 | e7c.df4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 154 | e7c.df4: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 155 | e7c.df4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 156 | e7c.df4: KnownDllPath: C:\Windows\system32
|
|---|
| 157 | e7c.df4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 158 | e7c.df4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 159 | e7c.df4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 160 | e7c.df4: Registered Dll notification callback with NTDLL.
|
|---|
| 161 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 162 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 163 | e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 164 | e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 165 | e7c.df4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 166 | e7c.df4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 167 | e7c.df4: supR3HardenedDllNotificationCallback: load 0000000076fe0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
|
|---|
| 168 | e7c.df4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 169 | e7c.df4: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 170 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 171 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 172 | e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
|
|---|
| 173 | e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 174 | e7c.df4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll'
|
|---|
| 175 | e7c.df4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840
|
|---|
| 176 | 12d8.1364: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 43 ms.
|
|---|
| 177 | e7c.df4: \SystemRoot\System32\ntdll.dll:
|
|---|
| 178 | e7c.df4: CreationTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 179 | e7c.df4: LastWriteTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 180 | e7c.df4: ChangeTime: 2016-10-25T11:50:22.928484300Z
|
|---|
| 181 | e7c.df4: FileAttributes: 0x20
|
|---|
| 182 | e7c.df4: Size: 0x1a6d60
|
|---|
| 183 | e7c.df4: NT Headers: 0xe0
|
|---|
| 184 | e7c.df4: Timestamp: 0x4ce7c8f9
|
|---|
| 185 | e7c.df4: Machine: 0x8664 - amd64
|
|---|
| 186 | e7c.df4: Timestamp: 0x4ce7c8f9
|
|---|
| 187 | e7c.df4: Image Version: 6.1
|
|---|
| 188 | e7c.df4: SizeOfImage: 0x1a9000 (1740800)
|
|---|
| 189 | e7c.df4: Resource Dir: 0x151000 LB 0x560d8
|
|---|
| 190 | e7c.df4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 191 | e7c.df4: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 192 | e7c.df4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 193 | e7c.df4: ProductVersion: 6.1.7601.17514
|
|---|
| 194 | e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 195 | e7c.df4: FileDescription: NT Layer DLL
|
|---|
| 196 | e7c.df4: \SystemRoot\System32\kernel32.dll:
|
|---|
| 197 | e7c.df4: CreationTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 198 | e7c.df4: LastWriteTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 199 | e7c.df4: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 200 | e7c.df4: FileAttributes: 0x20
|
|---|
| 201 | e7c.df4: Size: 0x11b800
|
|---|
| 202 | e7c.df4: NT Headers: 0xe8
|
|---|
| 203 | e7c.df4: Timestamp: 0x4ce7c78b
|
|---|
| 204 | e7c.df4: Machine: 0x8664 - amd64
|
|---|
| 205 | e7c.df4: Timestamp: 0x4ce7c78b
|
|---|
| 206 | e7c.df4: Image Version: 6.1
|
|---|
| 207 | e7c.df4: SizeOfImage: 0x11f000 (1175552)
|
|---|
| 208 | e7c.df4: Resource Dir: 0x116000 LB 0x528
|
|---|
| 209 | e7c.df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 210 | e7c.df4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 211 | e7c.df4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 212 | e7c.df4: ProductVersion: 6.1.7601.17514
|
|---|
| 213 | e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 214 | e7c.df4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 215 | e7c.df4: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 216 | e7c.df4: CreationTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 217 | e7c.df4: LastWriteTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 218 | e7c.df4: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 219 | e7c.df4: FileAttributes: 0x20
|
|---|
| 220 | e7c.df4: Size: 0x66800
|
|---|
| 221 | e7c.df4: NT Headers: 0xf0
|
|---|
| 222 | e7c.df4: Timestamp: 0x4ce7c78c
|
|---|
| 223 | e7c.df4: Machine: 0x8664 - amd64
|
|---|
| 224 | e7c.df4: Timestamp: 0x4ce7c78c
|
|---|
| 225 | e7c.df4: Image Version: 6.1
|
|---|
| 226 | e7c.df4: SizeOfImage: 0x6b000 (438272)
|
|---|
| 227 | e7c.df4: Resource Dir: 0x69000 LB 0x530
|
|---|
| 228 | e7c.df4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 229 | e7c.df4: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
|
|---|
| 230 | e7c.df4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 231 | e7c.df4: ProductVersion: 6.1.7601.17514
|
|---|
| 232 | e7c.df4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 233 | e7c.df4: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 234 | e7c.df4: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 235 | e7c.df4: CreationTime: 2009-07-13T23:18:54.866423200Z
|
|---|
| 236 | e7c.df4: LastWriteTime: 2009-07-14T01:24:53.779000000Z
|
|---|
| 237 | e7c.df4: ChangeTime: 2016-10-25T11:50:24.660087300Z
|
|---|
| 238 | e7c.df4: FileAttributes: 0x20
|
|---|
| 239 | e7c.df4: Size: 0x1a00
|
|---|
| 240 | e7c.df4: NT Headers: 0xc0
|
|---|
| 241 | e7c.df4: Timestamp: 0x4a5bdeab
|
|---|
| 242 | e7c.df4: Machine: 0x8664 - amd64
|
|---|
| 243 | e7c.df4: Timestamp: 0x4a5bdeab
|
|---|
| 244 | e7c.df4: Image Version: 6.1
|
|---|
| 245 | e7c.df4: SizeOfImage: 0x50000 (327680)
|
|---|
| 246 | e7c.df4: Resource Dir: 0x30000 LB 0x3f0
|
|---|
| 247 | e7c.df4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 248 | e7c.df4: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
|
|---|
| 249 | e7c.df4: ProductName: Microsoft® Windows® Operating System
|
|---|
| 250 | e7c.df4: ProductVersion: 6.1.7600.16385
|
|---|
| 251 | e7c.df4: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
|
|---|
| 252 | e7c.df4: FileDescription: ApiSet Schema DLL
|
|---|
| 253 | e7c.df4: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 254 | e7c.df4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 255 | e7c.df4: Calling main()
|
|---|
| 256 | e7c.df4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 257 | e7c.df4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 258 | e7c.df4: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 259 | e7c.df4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe)
|
|---|
| 260 | e7c.df4: SUPR3HardenedMain: Respawn #2
|
|---|
| 261 | e7c.df4: supR3HardNtEnableThreadCreation:
|
|---|
| 262 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 263 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 264 | e7c.df4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
|
|---|
| 265 | e7c.df4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
|
|---|
| 266 | e7c.df4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 267 | e7c.df4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
|
|---|
| 268 | e7c.df4: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
|
|---|
| 269 | e7c.df4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
|
|---|
| 270 | e7c.df4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\apphelp.dll'
|
|---|
| 271 | e7c.df4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840
|
|---|
| 272 | e7c.df4: supR3HardenedWinDoReSpawn(2): New child fe4.dfc [kernel32].
|
|---|
| 273 | e7c.df4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
|
|---|
| 274 | e7c.df4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077100000 uNtDllChildAddr=0000000077100000
|
|---|
| 275 | e7c.df4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007712c320
|
|---|
| 276 | e7c.df4: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 277 | e7c.df4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 278 | e7c.df4: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 31 sleeps
|
|---|
| 279 | e7c.df4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 319 | e7c.df4: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
|
|---|
| 320 | e7c.df4: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS)
|
|---|
| 321 | e7c.df4: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 322 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 323 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 324 | e7c.df4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
|
|---|
| 325 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 326 | e7c.df4: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 327 | e7c.df4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
|
|---|
| 328 | e7c.df4: supR3HardNtChildPurify: Done after 306 ms and 0 fixes (loop #0).
|
|---|
| 329 | fe4.dfc: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
|
|---|
| 330 | fe4.dfc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077100000 g_uNtVerCombined=0x611db100
|
|---|
| 331 | fe4.dfc: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
|
|---|
| 332 | fe4.dfc: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1740800 allocation)
|
|---|
| 333 | e7c.df4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000)
|
|---|
| 334 | e7c.df4: supR3HardNtEnableThreadCreation:
|
|---|
| 335 | fe4.dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 336 | fe4.dfc: System32: \Device\HarddiskVolume2\Windows\System32
|
|---|
| 337 | fe4.dfc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
|
|---|
| 338 | fe4.dfc: KnownDllPath: C:\Windows\system32
|
|---|
| 339 | fe4.dfc: supR3HardenedVmProcessInit: Opening vboxdrv...
|
|---|
| 340 | fe4.dfc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 341 | fe4.dfc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 342 | fe4.dfc: Registered Dll notification callback with NTDLL.
|
|---|
| 343 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 344 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 345 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
|
|---|
| 346 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 347 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 348 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 349 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000076fe0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
|
|---|
| 350 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 351 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd3b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 352 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 353 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 354 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
|
|---|
| 355 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 356 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll'
|
|---|
| 357 | fe4.dfc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007712c320 pvNtTerminateThread=0000000077151840
|
|---|
| 358 | e7c.df4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms.
|
|---|
| 359 | fe4.dfc: \SystemRoot\System32\ntdll.dll:
|
|---|
| 360 | fe4.dfc: CreationTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 361 | fe4.dfc: LastWriteTime: 2010-11-21T03:24:02.237248300Z
|
|---|
| 362 | fe4.dfc: ChangeTime: 2016-10-25T11:50:22.928484300Z
|
|---|
| 363 | fe4.dfc: FileAttributes: 0x20
|
|---|
| 364 | fe4.dfc: Size: 0x1a6d60
|
|---|
| 365 | fe4.dfc: NT Headers: 0xe0
|
|---|
| 366 | fe4.dfc: Timestamp: 0x4ce7c8f9
|
|---|
| 367 | fe4.dfc: Machine: 0x8664 - amd64
|
|---|
| 368 | fe4.dfc: Timestamp: 0x4ce7c8f9
|
|---|
| 369 | fe4.dfc: Image Version: 6.1
|
|---|
| 370 | fe4.dfc: SizeOfImage: 0x1a9000 (1740800)
|
|---|
| 371 | fe4.dfc: Resource Dir: 0x151000 LB 0x560d8
|
|---|
| 372 | fe4.dfc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 373 | fe4.dfc: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 374 | fe4.dfc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 375 | fe4.dfc: ProductVersion: 6.1.7601.17514
|
|---|
| 376 | fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 377 | fe4.dfc: FileDescription: NT Layer DLL
|
|---|
| 378 | fe4.dfc: \SystemRoot\System32\kernel32.dll:
|
|---|
| 379 | fe4.dfc: CreationTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 380 | fe4.dfc: LastWriteTime: 2010-11-21T03:24:10.130862200Z
|
|---|
| 381 | fe4.dfc: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 382 | fe4.dfc: FileAttributes: 0x20
|
|---|
| 383 | fe4.dfc: Size: 0x11b800
|
|---|
| 384 | fe4.dfc: NT Headers: 0xe8
|
|---|
| 385 | fe4.dfc: Timestamp: 0x4ce7c78b
|
|---|
| 386 | fe4.dfc: Machine: 0x8664 - amd64
|
|---|
| 387 | fe4.dfc: Timestamp: 0x4ce7c78b
|
|---|
| 388 | fe4.dfc: Image Version: 6.1
|
|---|
| 389 | fe4.dfc: SizeOfImage: 0x11f000 (1175552)
|
|---|
| 390 | fe4.dfc: Resource Dir: 0x116000 LB 0x528
|
|---|
| 391 | fe4.dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 392 | fe4.dfc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 393 | fe4.dfc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 394 | fe4.dfc: ProductVersion: 6.1.7601.17514
|
|---|
| 395 | fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 396 | fe4.dfc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 397 | fe4.dfc: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 398 | fe4.dfc: CreationTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 399 | fe4.dfc: LastWriteTime: 2010-11-21T03:24:25.294088800Z
|
|---|
| 400 | fe4.dfc: ChangeTime: 2016-10-25T11:50:21.493281700Z
|
|---|
| 401 | fe4.dfc: FileAttributes: 0x20
|
|---|
| 402 | fe4.dfc: Size: 0x66800
|
|---|
| 403 | fe4.dfc: NT Headers: 0xf0
|
|---|
| 404 | fe4.dfc: Timestamp: 0x4ce7c78c
|
|---|
| 405 | fe4.dfc: Machine: 0x8664 - amd64
|
|---|
| 406 | fe4.dfc: Timestamp: 0x4ce7c78c
|
|---|
| 407 | fe4.dfc: Image Version: 6.1
|
|---|
| 408 | fe4.dfc: SizeOfImage: 0x6b000 (438272)
|
|---|
| 409 | fe4.dfc: Resource Dir: 0x69000 LB 0x530
|
|---|
| 410 | fe4.dfc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 411 | fe4.dfc: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
|
|---|
| 412 | fe4.dfc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 413 | fe4.dfc: ProductVersion: 6.1.7601.17514
|
|---|
| 414 | fe4.dfc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
|
|---|
| 415 | fe4.dfc: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 416 | fe4.dfc: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 417 | fe4.dfc: CreationTime: 2009-07-13T23:18:54.866423200Z
|
|---|
| 418 | fe4.dfc: LastWriteTime: 2009-07-14T01:24:53.779000000Z
|
|---|
| 419 | fe4.dfc: ChangeTime: 2016-10-25T11:50:24.660087300Z
|
|---|
| 420 | fe4.dfc: FileAttributes: 0x20
|
|---|
| 421 | fe4.dfc: Size: 0x1a00
|
|---|
| 422 | fe4.dfc: NT Headers: 0xc0
|
|---|
| 423 | fe4.dfc: Timestamp: 0x4a5bdeab
|
|---|
| 424 | fe4.dfc: Machine: 0x8664 - amd64
|
|---|
| 425 | fe4.dfc: Timestamp: 0x4a5bdeab
|
|---|
| 426 | fe4.dfc: Image Version: 6.1
|
|---|
| 427 | fe4.dfc: SizeOfImage: 0x50000 (327680)
|
|---|
| 428 | fe4.dfc: Resource Dir: 0x30000 LB 0x3f0
|
|---|
| 429 | fe4.dfc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 430 | fe4.dfc: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
|
|---|
| 431 | fe4.dfc: ProductName: Microsoft® Windows® Operating System
|
|---|
| 432 | fe4.dfc: ProductVersion: 6.1.7600.16385
|
|---|
| 433 | fe4.dfc: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
|
|---|
| 434 | fe4.dfc: FileDescription: ApiSet Schema DLL
|
|---|
| 435 | fe4.dfc: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 436 | fe4.dfc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 437 | fe4.dfc: Calling main()
|
|---|
| 438 | fe4.dfc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 439 | fe4.dfc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\VirtualBox'
|
|---|
| 440 | fe4.dfc: '\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 441 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.exe)
|
|---|
| 442 | fe4.dfc: SUPR3HardenedMain: Final process, opening VBoxDrv...
|
|---|
| 443 | fe4.dfc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
|
|---|
| 444 | fe4.dfc: supR3HardNtEnableThreadCreation:
|
|---|
| 445 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll)
|
|---|
| 446 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll
|
|---|
| 447 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 448 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 449 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef98e0000 LB 0x00005000 C:\Program Files\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
|
|---|
| 450 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 451 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 452 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 453 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 454 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
|
|---|
| 455 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 456 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 457 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
|
|---|
| 458 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 459 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 460 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 461 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
|
|---|
| 462 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
|
|---|
| 463 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 464 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
|
|---|
| 465 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 466 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 467 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 468 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 469 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 470 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
|
|---|
| 471 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 472 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 473 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 474 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 475 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 476 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
|
|---|
| 477 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
|
|---|
| 478 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 479 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 480 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 481 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 482 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 483 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
|
|---|
| 484 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
|
|---|
| 485 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 486 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 487 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 488 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 489 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 490 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
|
|---|
| 491 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 492 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 493 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 494 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 495 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 496 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 497 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 498 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 499 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 500 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd270000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
|
|---|
| 501 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 502 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefec70000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
|
|---|
| 503 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 504 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd100000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
|
|---|
| 505 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 506 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
|
|---|
| 507 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 508 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd420000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
|
|---|
| 509 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 510 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 511 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 512 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 513 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
|
|---|
| 514 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
|
|---|
| 515 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 516 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 517 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefcad0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
|
|---|
| 518 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 519 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 520 | fe4.dfc: bcrypt.dll loaded at 000007fefcad0000, BCryptOpenAlgorithmProvider at 000007fefcad2640, preloading providers:
|
|---|
| 521 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 522 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 523 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 524 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
|
|---|
| 525 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
|
|---|
| 526 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
|
|---|
| 527 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 528 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 529 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 530 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 531 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 532 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 533 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 534 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 535 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 536 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
|
|---|
| 537 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 538 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 539 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 540 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 541 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 542 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 543 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 544 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 545 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 546 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc5e0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
|
|---|
| 547 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
|
|---|
| 548 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
|
|---|
| 549 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 550 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 551 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 552 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 553 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
|
|---|
| 554 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
|
|---|
| 555 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 556 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
|
|---|
| 557 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
|
|---|
| 558 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5e0000 'C:\Windows\system32\bcryptprimitives.dll'
|
|---|
| 559 | fe4.dfc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000094afb0)
|
|---|
| 560 | fe4.dfc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000094c840)
|
|---|
| 561 | fe4.dfc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000094c960)
|
|---|
| 562 | fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000094cb70)
|
|---|
| 563 | fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000094cc90)
|
|---|
| 564 | fe4.dfc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000094cdb0)
|
|---|
| 565 | fe4.dfc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000094cff0)
|
|---|
| 566 | fe4.dfc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000094d110)
|
|---|
| 567 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 568 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 569 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
|
|---|
| 570 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 571 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 572 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 573 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 574 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 575 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 576 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 577 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 578 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 579 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefca20000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
|
|---|
| 580 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 581 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll'
|
|---|
| 582 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 583 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 584 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 585 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
|
|---|
| 586 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
|
|---|
| 587 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 588 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 589 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 590 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 591 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 592 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
|
|---|
| 593 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
|
|---|
| 594 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\system32\rsaenh.dll'
|
|---|
| 595 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 596 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 597 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 598 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 599 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 600 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
|
|---|
| 601 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 602 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 603 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 604 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
|
|---|
| 605 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
|
|---|
| 606 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\CRYPTBASE.dll'
|
|---|
| 607 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 608 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 609 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll'
|
|---|
| 610 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
|
|---|
| 611 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 612 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\WINTRUST.DLL'
|
|---|
| 613 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 614 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 615 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\CRYPT32.dll'
|
|---|
| 616 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 617 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 618 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 619 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
|
|---|
| 620 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
|
|---|
| 621 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 622 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 623 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 624 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 625 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
|
|---|
| 626 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007feff270000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
|
|---|
| 627 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
|
|---|
| 628 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'C:\Windows\system32\imagehlp.dll'
|
|---|
| 629 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
|
|---|
| 630 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 631 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll'
|
|---|
| 632 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 633 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 634 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 635 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
|
|---|
| 636 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 637 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 638 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 639 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 640 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 641 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 642 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
|
|---|
| 643 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
|
|---|
| 644 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 645 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
|
|---|
| 646 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
|
|---|
| 647 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 648 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 649 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
|
|---|
| 650 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 651 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
|
|---|
| 652 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
|
|---|
| 653 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
|
|---|
| 654 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 655 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 656 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 657 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
|
|---|
| 658 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
|
|---|
| 659 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 660 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 661 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 662 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 663 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 664 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
|
|---|
| 665 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
|
|---|
| 666 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 667 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 668 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 669 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 670 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 671 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 672 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 673 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 674 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 675 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 676 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 677 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 678 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 679 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 680 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 681 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 682 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 683 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000076ee0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
|
|---|
| 684 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 685 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
|
|---|
| 686 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 687 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
|
|---|
| 688 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
|
|---|
| 689 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
|
|---|
| 690 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
|
|---|
| 691 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 692 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 693 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\Windows\system32\gdi32.dll'
|
|---|
| 694 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 695 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 696 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
|
|---|
| 697 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 698 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
|
|---|
| 699 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
|
|---|
| 700 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 701 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
|
|---|
| 702 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
|
|---|
| 703 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 704 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 705 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 706 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 707 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
|
|---|
| 708 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
|
|---|
| 709 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
|
|---|
| 710 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
|
|---|
| 711 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 712 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 713 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 714 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 715 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 716 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 717 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 718 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 719 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
|
|---|
| 720 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 721 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 722 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 723 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 724 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 725 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 726 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 727 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 728 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 729 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 730 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
|
|---|
| 731 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd660000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
|
|---|
| 732 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
|
|---|
| 733 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd550000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
|
|---|
| 734 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
|
|---|
| 735 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\IMM32.DLL'
|
|---|
| 736 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\USER32.dll'
|
|---|
| 737 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 738 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 739 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
|
|---|
| 740 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 741 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
|
|---|
| 742 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
|
|---|
| 743 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
|
|---|
| 744 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
|
|---|
| 745 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
|
|---|
| 746 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
|
|---|
| 747 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 748 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 749 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 750 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
|
|---|
| 751 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 752 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 753 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 754 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
|
|---|
| 755 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefca80000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
|
|---|
| 756 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
|
|---|
| 757 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\Windows\system32\ncrypt.dll'
|
|---|
| 758 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
|
|---|
| 759 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 760 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\bcrypt.dll'
|
|---|
| 761 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 762 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 763 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 764 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
|
|---|
| 765 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
|
|---|
| 766 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
|
|---|
| 767 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
|
|---|
| 768 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
|
|---|
| 769 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 770 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 771 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 772 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 773 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
|
|---|
| 774 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 775 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 776 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 777 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 778 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 779 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 780 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 781 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 782 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 783 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 784 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 785 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
|
|---|
| 786 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc380000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
|
|---|
| 787 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
|
|---|
| 788 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 789 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
|
|---|
| 790 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 791 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc380000 'C:\Windows\system32\USERENV.dll'
|
|---|
| 792 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 793 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 794 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 795 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 796 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 797 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 798 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 799 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 800 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 801 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 802 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
|
|---|
| 803 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
|
|---|
| 804 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 805 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 806 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 807 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 808 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 809 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 810 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 811 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 812 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc360000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
|
|---|
| 813 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
|
|---|
| 814 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc360000 'C:\Windows\system32\GPAPI.dll'
|
|---|
| 815 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 816 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 817 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll'
|
|---|
| 818 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 819 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 820 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\rpcrt4.dll'
|
|---|
| 821 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 822 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 823 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L2-1-0.dll'
|
|---|
| 824 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 825 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 826 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 827 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 828 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 829 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 830 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
|
|---|
| 831 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
|
|---|
| 832 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
|
|---|
| 833 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
|
|---|
| 834 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
|
|---|
| 835 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 836 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 837 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 838 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 839 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
|
|---|
| 840 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
|
|---|
| 841 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
|
|---|
| 842 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 843 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
|
|---|
| 844 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 845 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 846 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 847 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 848 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 849 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 850 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 851 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 852 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef5e10000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
|
|---|
| 853 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 854 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd7e0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
|
|---|
| 855 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
|
|---|
| 856 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 857 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 858 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 859 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 860 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 861 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 862 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 863 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 864 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 865 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 866 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 867 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 868 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 869 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 870 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 871 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 872 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 873 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 874 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 875 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 876 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 877 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 878 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 879 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 880 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 881 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 882 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 883 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 884 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 885 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 886 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 887 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 888 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 889 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
|
|---|
| 890 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
|
|---|
| 891 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 892 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 893 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 894 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 895 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 896 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 897 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 898 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 899 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 900 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 901 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 902 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
|
|---|
| 903 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007feff0c0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
|
|---|
| 904 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
|
|---|
| 905 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0c0000 'C:\Windows\system32\SHLWAPI.dll'
|
|---|
| 906 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 907 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 908 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 909 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
|
|---|
| 910 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 911 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll'
|
|---|
| 912 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 913 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 914 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
|
|---|
| 915 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
|
|---|
| 916 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
|
|---|
| 917 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 918 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
|
|---|
| 919 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
|
|---|
| 920 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
|
|---|
| 921 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
|
|---|
| 922 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 923 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
|
|---|
| 924 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
|
|---|
| 925 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 926 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 927 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 928 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
|
|---|
| 929 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
|
|---|
| 930 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
|
|---|
| 931 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 932 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 933 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 934 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 935 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 936 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 937 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 938 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
|
|---|
| 939 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
|
|---|
| 940 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
|
|---|
| 941 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 942 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 943 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 944 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 945 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 946 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 947 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 948 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 949 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 950 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 951 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 952 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 953 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 954 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 955 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 956 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 957 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 958 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 959 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 960 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 961 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
|
|---|
| 962 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 963 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 964 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 965 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 966 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 967 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 968 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 969 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 970 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 971 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 972 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 973 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 974 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 975 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 976 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 977 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 978 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 979 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 980 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 981 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 982 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 983 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 984 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 985 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 986 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 987 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 988 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 989 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
|
|---|
| 990 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
|
|---|
| 991 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
|
|---|
| 992 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
|
|---|
| 993 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 994 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
|
|---|
| 995 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 996 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
|
|---|
| 997 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 998 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 999 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1000 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1001 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1002 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
|
|---|
| 1003 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1004 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1005 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
|
|---|
| 1006 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1007 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1008 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
|
|---|
| 1009 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1010 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1011 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1012 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1013 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
|
|---|
| 1014 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
|
|---|
| 1015 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
|
|---|
| 1016 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
|
|---|
| 1017 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
|
|---|
| 1018 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1019 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
|
|---|
| 1020 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
|
|---|
| 1021 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
|
|---|
| 1022 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
|
|---|
| 1023 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
|
|---|
| 1024 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1025 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1026 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 1027 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\setupapi.dll'
|
|---|
| 1028 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1029 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1030 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1031 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
|
|---|
| 1032 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
|
|---|
| 1033 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1034 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1035 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1036 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1037 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
|
|---|
| 1038 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7560000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
|
|---|
| 1039 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
|
|---|
| 1040 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7560000 'C:\Windows\system32\Cabinet.dll'
|
|---|
| 1041 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1042 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1043 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1044 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
|
|---|
| 1045 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
|
|---|
| 1046 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1047 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1048 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
|
|---|
| 1049 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1050 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
|
|---|
| 1051 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
|
|---|
| 1052 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
|
|---|
| 1053 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\DEVRTL.dll'
|
|---|
| 1054 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefea10000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
|
|---|
| 1055 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
|
|---|
| 1056 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
|
|---|
| 1057 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0]
|
|---|
| 1058 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
|
|---|
| 1059 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
|
|---|
| 1060 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5e10000 'C:\Windows\system32\cryptnet.dll'
|
|---|
| 1061 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
|
|---|
| 1062 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009456d0
|
|---|
| 1063 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1064 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E
|
|---|
| 1065 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1066 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1067 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 1068 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1069 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1070 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll'
|
|---|
| 1071 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1072 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1073 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
|
|---|
| 1074 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
|
|---|
| 1075 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1076 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 1077 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1078 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1079 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
|
|---|
| 1080 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1081 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1082 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
|
|---|
| 1083 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
|
|---|
| 1084 | fe4.dfc: g_pfnWinVerifyTrust=000007fefd271010
|
|---|
| 1085 | fe4.dfc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
|
|---|
| 1086 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1087 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1088 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1089 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC
|
|---|
| 1090 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 1091 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1092 | fe4.dfc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
|
|---|
| 1093 | fe4.dfc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
|
|---|
| 1094 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 1095 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1096 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1097 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238
|
|---|
| 1098 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
|
|---|
| 1099 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1100 | fe4.dfc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
|
|---|
| 1101 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
|
|---|
| 1102 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1103 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1104 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
|
|---|
| 1105 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
|
|---|
| 1106 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1107 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
|
|---|
| 1108 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
|
|---|
| 1109 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1110 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1111 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
|
|---|
| 1112 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
|
|---|
| 1113 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1114 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
|
|---|
| 1115 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1116 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1117 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1118 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
|
|---|
| 1119 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1120 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1121 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
|
|---|
| 1122 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000408 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 1123 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1124 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1125 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
|
|---|
| 1126 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 1127 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1128 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
|
|---|
| 1129 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1130 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1131 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1132 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B
|
|---|
| 1133 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1134 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1135 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
|
|---|
| 1136 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003fc pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
|
|---|
| 1137 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1138 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1139 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
|
|---|
| 1140 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
|
|---|
| 1141 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1142 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
|
|---|
| 1143 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 1144 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1145 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1146 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
|
|---|
| 1147 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
|
|---|
| 1148 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1149 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
|
|---|
| 1150 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ec pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1151 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1152 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1153 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
|
|---|
| 1154 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1155 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1156 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
|
|---|
| 1157 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
|
|---|
| 1158 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1159 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1160 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
|
|---|
| 1161 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
|
|---|
| 1162 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1163 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
|
|---|
| 1164 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
|
|---|
| 1165 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1166 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1167 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
|
|---|
| 1168 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
|
|---|
| 1169 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1170 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
|
|---|
| 1171 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000278 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
|
|---|
| 1172 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1173 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1174 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
|
|---|
| 1175 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
|
|---|
| 1176 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1177 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
|
|---|
| 1178 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 1179 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1180 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1181 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
|
|---|
| 1182 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 1183 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1184 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
|
|---|
| 1185 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
|
|---|
| 1186 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1187 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1188 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
|
|---|
| 1189 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
|
|---|
| 1190 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1191 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
|
|---|
| 1192 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
|
|---|
| 1193 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1194 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1195 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
|
|---|
| 1196 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
|
|---|
| 1197 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1198 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
|
|---|
| 1199 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
|
|---|
| 1200 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1201 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1202 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
|
|---|
| 1203 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
|
|---|
| 1204 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1205 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
|
|---|
| 1206 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 1207 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1208 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1209 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
|
|---|
| 1210 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 1211 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1212 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
|
|---|
| 1213 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
|
|---|
| 1214 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1215 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1216 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
|
|---|
| 1217 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
|
|---|
| 1218 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1219 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
|
|---|
| 1220 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
|
|---|
| 1221 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1222 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1223 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
|
|---|
| 1224 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
|
|---|
| 1225 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1226 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
|
|---|
| 1227 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1228 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1229 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1230 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
|
|---|
| 1231 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1232 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1233 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
|
|---|
| 1234 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1235 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1236 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1237 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
|
|---|
| 1238 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1239 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1240 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
|
|---|
| 1241 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
|
|---|
| 1242 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1243 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1244 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804
|
|---|
| 1245 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
|
|---|
| 1246 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1247 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
|
|---|
| 1248 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 1249 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1250 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1251 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
|
|---|
| 1252 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
|
|---|
| 1253 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1254 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
|
|---|
| 1255 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
|
|---|
| 1256 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 1257 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1258 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1259 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
|
|---|
| 1260 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
|
|---|
| 1261 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1262 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
|
|---|
| 1263 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
|
|---|
| 1264 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1265 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1266 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
|
|---|
| 1267 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
|
|---|
| 1268 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1269 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
|
|---|
| 1270 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1271 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1272 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1273 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
|
|---|
| 1274 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1275 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1276 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
|
|---|
| 1277 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
|
|---|
| 1278 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
|
|---|
| 1279 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1280 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1281 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
|
|---|
| 1282 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 1283 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1284 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
|
|---|
| 1285 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1286 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1287 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1288 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53
|
|---|
| 1289 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1290 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1291 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
|
|---|
| 1292 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
|
|---|
| 1293 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1294 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1295 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
|
|---|
| 1296 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 1297 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1298 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
|
|---|
| 1299 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 1300 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1301 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1302 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
|
|---|
| 1303 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1304 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1305 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
|
|---|
| 1306 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSupLib.dll'
|
|---|
| 1307 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
|
|---|
| 1308 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1309 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1310 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4
|
|---|
| 1311 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
|
|---|
| 1312 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1313 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
|
|---|
| 1314 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 1315 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1316 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1317 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B
|
|---|
| 1318 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
|
|---|
| 1319 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1320 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
|
|---|
| 1321 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1322 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1323 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1324 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
|
|---|
| 1325 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
|
|---|
| 1326 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
|
|---|
| 1327 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
|
|---|
| 1328 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
|
|---|
| 1329 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
|
|---|
| 1330 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
|
|---|
| 1331 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
|
|---|
| 1332 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
|
|---|
| 1333 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
|
|---|
| 1334 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
|
|---|
| 1335 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
|
|---|
| 1336 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
|
|---|
| 1337 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
|
|---|
| 1338 | fe4.dfc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
|
|---|
| 1339 | fe4.dfc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=15
|
|---|
| 1340 | fe4.dfc: SUPR3HardenedMain: Load Runtime...
|
|---|
| 1341 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1342 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 1343 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
|
|---|
| 1344 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
|
|---|
| 1345 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll) WinVerifyTrust
|
|---|
| 1346 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1347 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1348 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1349 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1350 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1351 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1352 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1353 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1354 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1355 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1356 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
|
|---|
| 1357 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
|
|---|
| 1358 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1359 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1360 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
|
|---|
| 1361 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
|
|---|
| 1362 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
|
|---|
| 1363 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1364 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1365 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1366 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 1367 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll) WinVerifyTrust
|
|---|
| 1368 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1369 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1370 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1371 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll) WinVerifyTrust
|
|---|
| 1372 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1373 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1374 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1375 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1376 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 1377 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1378 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1379 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1380 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 1381 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1382 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1383 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
|
|---|
| 1384 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
|
|---|
| 1385 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1386 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
|
|---|
| 1387 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 1388 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 1389 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1390 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1391 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1392 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1393 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1394 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef45c0000 LB 0x00595000 C:\Program Files\VirtualBox\VBoxRT.dll [fFlags=0x0]
|
|---|
| 1395 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1396 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1397 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000073de0000 LB 0x000d2000 C:\Program Files\VirtualBox\MSVCR100.dll [fFlags=0x0]
|
|---|
| 1398 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1399 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1400 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000073d40000 LB 0x00098000 C:\Program Files\VirtualBox\MSVCP100.dll [fFlags=0x0]
|
|---|
| 1401 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1402 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefee10000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
|
|---|
| 1403 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1404 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd690000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
|
|---|
| 1405 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 1406 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1407 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1408 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1409 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1410 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1411 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1412 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1413 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1414 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1415 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1416 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1417 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1418 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1419 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1420 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1421 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1422 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1423 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1424 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1425 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1426 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1427 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1428 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1429 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1430 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1431 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1432 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1433 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1434 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1435 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1436 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1437 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1438 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1439 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1440 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1441 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1442 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1443 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1444 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1445 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1446 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1447 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1448 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1449 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxRT.dll
|
|---|
| 1450 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1451 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1452 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1453 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1454 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45c0000 'C:\Program Files\VirtualBox\VBoxRT.dll'
|
|---|
| 1455 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
|
|---|
| 1456 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1457 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd270000 'C:\Windows\system32\Wintrust.dll'
|
|---|
| 1458 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
|
|---|
| 1459 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1460 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\crypt32.dll'
|
|---|
| 1461 | fe4.dfc: SUPR3HardenedMain: Load TrustedMain...
|
|---|
| 1462 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
|
|---|
| 1463 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 1464 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
|
|---|
| 1465 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1466 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1467 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
|
|---|
| 1468 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
|
|---|
| 1469 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
|
|---|
| 1470 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
|
|---|
| 1471 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
|
|---|
| 1472 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
|
|---|
| 1473 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
|
|---|
| 1474 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
|
|---|
| 1475 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
|
|---|
| 1476 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
|
|---|
| 1477 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll) WinVerifyTrust
|
|---|
| 1478 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll
|
|---|
| 1479 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 1480 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1481 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1482 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1483 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1484 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1485 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1486 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
|
|---|
| 1487 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
|
|---|
| 1488 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1489 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
|
|---|
| 1490 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1491 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
|
|---|
| 1492 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1493 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 1494 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1495 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1496 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1497 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1498 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1499 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1500 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1501 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shell32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1502 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\shell32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1503 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1504 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1505 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1506 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCF00DB9BBECF4126AB4076577BBA73C0F94BDF9
|
|---|
| 1507 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
|
|---|
| 1508 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1509 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1510 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
|
|---|
| 1511 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
|
|---|
| 1512 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
|
|---|
| 1513 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
|
|---|
| 1514 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1515 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1516 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1517 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1518 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1519 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1520 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
|
|---|
| 1521 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1522 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
|
|---|
| 1523 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
|
|---|
| 1524 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
|
|---|
| 1525 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
|
|---|
| 1526 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
|
|---|
| 1527 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1528 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
|
|---|
| 1529 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1530 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1531 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1532 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
|
|---|
| 1533 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
|
|---|
| 1534 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1535 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
|
|---|
| 1536 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
|
|---|
| 1537 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
|
|---|
| 1538 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
|
|---|
| 1539 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1540 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1541 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1542 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1543 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1544 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
|
|---|
| 1545 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
|
|---|
| 1546 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 1547 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1548 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1549 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
|
|---|
| 1550 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1551 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1552 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1553 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
|
|---|
| 1554 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1555 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1556 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1557 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
|
|---|
| 1558 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
|
|---|
| 1559 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
|
|---|
| 1560 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
|
|---|
| 1561 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1562 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1563 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1564 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 1565 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
|
|---|
| 1566 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 1567 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 1568 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 1569 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
|
|---|
| 1570 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
|
|---|
| 1571 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
|
|---|
| 1572 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
|
|---|
| 1573 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1574 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1575 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1576 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1577 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1578 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1579 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1580 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 1581 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1582 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1583 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1584 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1585 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1586 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1587 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1588 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1589 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
|
|---|
| 1590 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
|
|---|
| 1591 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1592 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1593 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 1594 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
|
|---|
| 1595 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
|
|---|
| 1596 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
|
|---|
| 1597 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
|
|---|
| 1598 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
|
|---|
| 1599 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1600 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1601 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1602 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
|
|---|
| 1603 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1604 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1605 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1606 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1607 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1608 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1609 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
|
|---|
| 1610 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
|
|---|
| 1611 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1612 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1613 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1614 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
|
|---|
| 1615 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1616 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 1617 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
|
|---|
| 1618 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
|
|---|
| 1619 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1620 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
|
|---|
| 1621 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1622 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1623 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1624 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1625 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1626 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1627 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
|
|---|
| 1628 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
|
|---|
| 1629 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1630 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1631 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
|
|---|
| 1632 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1633 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
|
|---|
| 1634 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1635 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1636 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1637 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1638 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1639 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1640 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1641 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1642 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1643 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1644 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1645 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1646 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1647 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1648 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
|
|---|
| 1649 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1650 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1651 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\mpr.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1652 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
|
|---|
| 1653 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1654 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1655 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
|
|---|
| 1656 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
|
|---|
| 1657 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1658 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
|
|---|
| 1659 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
|
|---|
| 1660 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 1661 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1662 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 1663 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1664 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1665 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1666 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1667 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1668 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1669 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1670 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1671 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1672 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1673 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1674 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1675 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1676 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1677 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1678 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1679 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1680 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1681 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1682 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1683 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1684 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1685 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1686 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1687 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1688 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1689 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1690 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 1691 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1692 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1693 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1694 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1695 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1696 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 1697 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1698 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 1699 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1700 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1701 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1702 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1703 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1704 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1705 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1706 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1707 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1708 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1709 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1710 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 1711 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1712 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1713 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1714 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1715 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 1716 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
|
|---|
| 1717 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1718 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1719 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1720 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1721 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1722 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1723 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
|
|---|
| 1724 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
|
|---|
| 1725 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1726 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1727 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
|
|---|
| 1728 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1729 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
|
|---|
| 1730 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
|
|---|
| 1731 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 1732 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
|
|---|
| 1733 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1734 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
|
|---|
| 1735 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
|
|---|
| 1736 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1737 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1738 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1739 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1740 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1741 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
|
|---|
| 1742 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
|
|---|
| 1743 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1744 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1745 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 1746 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 1747 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
|
|---|
| 1748 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1749 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1750 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1751 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1752 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1753 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1754 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1755 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1756 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1757 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1758 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1759 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1760 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1761 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1762 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1763 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1764 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1765 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1766 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1767 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1768 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1769 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1770 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
|
|---|
| 1771 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1772 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1773 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1774 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1775 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1776 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1777 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1778 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1779 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1780 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1781 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1782 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1783 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1784 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1785 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1786 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1787 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1788 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1789 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1790 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
|
|---|
| 1791 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1792 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1793 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 1794 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1795 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1796 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
|
|---|
| 1797 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
|
|---|
| 1798 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1799 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1800 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
|
|---|
| 1801 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1802 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1803 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
|
|---|
| 1804 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
|
|---|
| 1805 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1806 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 1807 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1808 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1809 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
|
|---|
| 1810 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
|
|---|
| 1811 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1812 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1813 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1814 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1815 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 1816 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1817 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 1818 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1819 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1820 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1821 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1822 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
|
|---|
| 1823 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1824 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1825 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1826 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1827 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
|
|---|
| 1828 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1829 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1830 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1831 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1832 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1833 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1834 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
|
|---|
| 1835 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
|
|---|
| 1836 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1837 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1838 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1839 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 1840 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
|
|---|
| 1841 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1842 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 1843 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1844 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 1845 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1846 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1847 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
|
|---|
| 1848 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1849 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1850 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 1851 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1852 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 1853 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 1854 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
|
|---|
| 1855 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
|
|---|
| 1856 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 1857 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 1858 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
|
|---|
| 1859 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1860 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
|
|---|
| 1861 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1862 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1863 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1864 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1865 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1866 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1867 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1868 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1869 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1870 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1871 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1872 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1873 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1874 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1875 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1876 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 1877 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1878 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
|
|---|
| 1879 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1880 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1881 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1882 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1883 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1884 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1885 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 1886 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1887 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll
|
|---|
| 1888 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3bb0000 LB 0x00a06000 C:\Program Files\VirtualBox\VirtualBox.dll [fFlags=0x0]
|
|---|
| 1889 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VirtualBox.dll
|
|---|
| 1890 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1891 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef4db0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
|
|---|
| 1892 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
|
|---|
| 1893 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1894 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef4fe0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
|
|---|
| 1895 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
|
|---|
| 1896 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1897 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3ab0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
|
|---|
| 1898 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
|
|---|
| 1899 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1900 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef86b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
|
|---|
| 1901 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
|
|---|
| 1902 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefea10000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
|
|---|
| 1903 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 1904 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
|
|---|
| 1905 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 1906 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
|
|---|
| 1907 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 1908 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd850000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
|
|---|
| 1909 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1910 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
|
|---|
| 1911 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
|
|---|
| 1912 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1913 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb320000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
|
|---|
| 1914 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
|
|---|
| 1915 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1916 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000072e70000 LB 0x00565000 C:\Program Files\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
|
|---|
| 1917 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1918 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
|
|---|
| 1919 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 1920 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
|
|---|
| 1921 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9730000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
|
|---|
| 1922 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
|
|---|
| 1923 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1924 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef34b0000 LB 0x005f7000 C:\Program Files\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
|
|---|
| 1925 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 1926 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1927 | fe4.dfc: supR3HardenedDllNotificationCallback: load 0000000071f40000 LB 0x00561000 C:\Program Files\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
|
|---|
| 1928 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5WidgetsVBox.dll
|
|---|
| 1929 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1930 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3450000 LB 0x00051000 C:\Program Files\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
|
|---|
| 1931 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5PrintSupportVBox.dll
|
|---|
| 1932 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1933 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9560000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
|
|---|
| 1934 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
|
|---|
| 1935 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
|
|---|
| 1936 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
|
|---|
| 1937 | fe4.dfc: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 1938 | fe4.dfc: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in WinSxS).
|
|---|
| 1939 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
|
|---|
| 1940 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
|
|---|
| 1941 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 1942 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
|
|---|
| 1943 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
|
|---|
| 1944 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7610000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
|
|---|
| 1945 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
|
|---|
| 1946 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1947 | fe4.dfc: supR3HardenedDllNotificationCallback: load 00000000749f0000 LB 0x00054000 C:\Program Files\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
|
|---|
| 1948 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5OpenGLVBox.dll
|
|---|
| 1949 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1950 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef7980000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
|
|---|
| 1951 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 1952 | fe4.dfc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
|
|---|
| 1953 | fe4.dfc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled]
|
|---|
| 1954 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 1955 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1956 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 1957 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 1958 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 1959 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1960 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 1961 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1962 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 1963 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1964 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1965 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd660000 'C:\Windows\system32\imm32.dll'
|
|---|
| 1966 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.DLL'
|
|---|
| 1967 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 1968 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
|
|---|
| 1969 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\cryptbase.dll'
|
|---|
| 1970 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3bb0000 'C:\Program Files\VirtualBox\VirtualBox.dll'
|
|---|
| 1971 | fe4.dfc: SUPR3HardenedMain: Calling TrustedMain (000007fef3bb14f0)...
|
|---|
| 1972 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 1973 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1974 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll'
|
|---|
| 1975 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 1976 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
|
|---|
| 1977 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 1978 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\profapi.dll'
|
|---|
| 1979 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
|
|---|
| 1980 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
|
|---|
| 1981 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 1982 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
|
|---|
| 1983 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
|
|---|
| 1984 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 1985 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
|
|---|
| 1986 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
|
|---|
| 1987 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
|
|---|
| 1988 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
|
|---|
| 1989 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
|
|---|
| 1990 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
|
|---|
| 1991 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll
|
|---|
| 1992 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 1993 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1994 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
|
|---|
| 1995 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1996 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5CoreVBox.dll
|
|---|
| 1997 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
|
|---|
| 1998 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
|
|---|
| 1999 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\Qt5GuiVBox.dll
|
|---|
| 2000 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2001 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2002 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2003 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2004 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 2005 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2006 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2007 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 2008 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 2009 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2010 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 2011 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
|
|---|
| 2012 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2013 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
|
|---|
| 2014 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2015 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2016 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2017 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2018 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 2019 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2020 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2021 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2022 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll
|
|---|
| 2023 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3320000 LB 0x0012e000 C:\Program Files\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
|
|---|
| 2024 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\platforms\qwindows.dll
|
|---|
| 2025 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3320000 'C:\Program Files\VirtualBox\platforms\qwindows.dll'
|
|---|
| 2026 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
|
|---|
| 2027 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2028 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\CRYPTBASE.dll'
|
|---|
| 2029 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\user32.dll'
|
|---|
| 2030 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 2031 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2032 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2033 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\Wintab32.dll: Owner is administrators group.
|
|---|
| 2034 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'wtsapi32.dll'.
|
|---|
| 2035 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 2036 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 2037 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
|
|---|
| 2038 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2039 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\Wintab32.dll) WinVerifyTrust
|
|---|
| 2040 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wintab32.dll
|
|---|
| 2041 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2042 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2043 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 2044 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
|
|---|
| 2045 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2046 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 2047 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2048 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2049 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2050 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2051 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
|
|---|
| 2052 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2053 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2054 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2055 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000588 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
|
|---|
| 2056 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2057 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2058 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
|
|---|
| 2059 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
|
|---|
| 2060 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2061 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2062 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
|
|---|
| 2063 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
|
|---|
| 2064 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2065 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2066 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2067 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wintab32.dll
|
|---|
| 2068 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef3150000 LB 0x001cb000 C:\Windows\system32\wintab32.dll [fFlags=0x0]
|
|---|
| 2069 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wintab32.dll
|
|---|
| 2070 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
|
|---|
| 2071 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00011000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
|
|---|
| 2072 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
|
|---|
| 2073 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3150000 'C:\Windows\system32\wintab32.dll'
|
|---|
| 2074 | fe4.dfc: Error (rc=0):
|
|---|
| 2075 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Wacom_Tablet.dll
|
|---|
| 2076 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2077 | fe4.dfc: Error (rc=0):
|
|---|
| 2078 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\Pen_Tablet.dll
|
|---|
| 2079 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2080 | fe4.dfc: Error (rc=0):
|
|---|
| 2081 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: relative name not permitted: .\ISD_Tablet.dll
|
|---|
| 2082 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000033
|
|---|
| 2083 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 2084 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2085 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 2086 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 2087 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2088 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 2089 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
|
|---|
| 2090 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2091 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2092 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2093 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2094 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
|
|---|
| 2095 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2096 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2097 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
|
|---|
| 2098 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
|
|---|
| 2099 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2100 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2101 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 2102 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
|
|---|
| 2103 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
|
|---|
| 2104 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
|
|---|
| 2105 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 2106 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2107 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2108 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2109 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2110 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2111 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2112 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
|
|---|
| 2113 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefb9e0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
|
|---|
| 2114 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
|
|---|
| 2115 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9e0000 'C:\Windows\system32\uxtheme.dll'
|
|---|
| 2116 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\advapi32.dll'
|
|---|
| 2117 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
|
|---|
| 2118 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2119 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc380000 'C:\Windows\system32\userenv.dll'
|
|---|
| 2120 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
|
|---|
| 2121 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2122 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'C:\Windows\system32\kernel32.dll'
|
|---|
| 2123 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2124 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2125 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
|
|---|
| 2126 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2127 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2128 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
|
|---|
| 2129 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
|
|---|
| 2130 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2131 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2132 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
|
|---|
| 2133 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2134 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2135 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 2136 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 2137 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
|
|---|
| 2138 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
|
|---|
| 2139 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2140 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2141 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2142 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2143 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 2144 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2145 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2146 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2147 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2148 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
|
|---|
| 2149 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2150 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2151 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2152 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2153 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2154 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
|
|---|
| 2155 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefdb00000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
|
|---|
| 2156 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
|
|---|
| 2157 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb00000 'C:\Windows\system32\CLBCatQ.DLL'
|
|---|
| 2158 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
|
|---|
| 2159 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2160 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 2161 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
|
|---|
| 2162 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2163 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\CRYPTSP.dll'
|
|---|
| 2164 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2165 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2166 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c8 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
|
|---|
| 2167 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2168 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2169 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
|
|---|
| 2170 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
|
|---|
| 2171 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2172 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
|
|---|
| 2173 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
|
|---|
| 2174 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
|
|---|
| 2175 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2176 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2177 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2178 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
|
|---|
| 2179 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fefd030000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
|
|---|
| 2180 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
|
|---|
| 2181 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd030000 'C:\Windows\system32\RpcRtRemote.dll'
|
|---|
| 2182 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2183 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2184 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2185 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2186 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2187 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2188 | fe4.1050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll) WinVerifyTrust
|
|---|
| 2189 | fe4.1050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll
|
|---|
| 2190 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2191 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2192 | fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 2193 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2194 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2195 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2196 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2197 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2198 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2199 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2200 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2201 | fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 2202 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2203 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2204 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2205 | fe4.1050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll
|
|---|
| 2206 | fe4.1050: supR3HardenedDllNotificationCallback: load 000007fef10c0000 LB 0x00546000 C:\Program Files\VirtualBox\VBoxC.dll [fFlags=0x0]
|
|---|
| 2207 | fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll
|
|---|
| 2208 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef10c0000 'C:\Program Files\VirtualBox\VBoxC.dll'
|
|---|
| 2209 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2210 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2211 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 2212 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
|
|---|
| 2213 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
|
|---|
| 2214 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
|
|---|
| 2215 | fe4.1050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 2216 | fe4.1050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
|
|---|
| 2217 | fe4.1050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2218 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2219 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2220 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2221 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2222 | fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 2223 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2224 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2225 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
|
|---|
| 2226 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2227 | fe4.1050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 2228 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2229 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2230 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2231 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2232 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2233 | fe4.1050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2234 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2235 | fe4.1050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2236 | fe4.1050: supR3HardenedDllNotificationCallback: load 000007fef3090000 LB 0x000ba000 C:\Program Files\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
|
|---|
| 2237 | fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxProxyStub.dll
|
|---|
| 2238 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3090000 'C:\Program Files\VirtualBox\VBoxProxyStub.dll'
|
|---|
| 2239 | fe4.1050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 2240 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000319c200:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2241 | fe4.1050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\oleaut32.dll'
|
|---|
| 2242 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 2243 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6a0000 'C:\Windows\system32\gdi32.dll'
|
|---|
| 2244 | fe4.dfc: \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll: Owner is administrators group.
|
|---|
| 2245 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006c8 pwszName=\Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2246 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2247 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2248 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BAE97CCF37353CEC29DD8DDA0ACE75BB110451A
|
|---|
| 2249 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
|
|---|
| 2250 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009456d0
|
|---|
| 2251 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2252 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BAE97CCF37353CEC29DD8DDA0ACE75BB110451A
|
|---|
| 2253 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
|
|---|
| 2254 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
|
|---|
| 2255 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll) WinVerifyTrust
|
|---|
| 2256 | fe4.dfc: Error (rc=0):
|
|---|
| 2257 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll: Not signed.
|
|---|
| 2258 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2259 | fe4.dfc: Error (rc=0):
|
|---|
| 2260 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2261 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2262 | fe4.d00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2263 | fe4.d00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2264 | fe4.d00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
|
|---|
| 2265 | fe4.d00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
|
|---|
| 2266 | fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2267 | fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2268 | fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2269 | fe4.d00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2270 | fe4.d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2271 | fe4.d00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
|
|---|
| 2272 | fe4.d00: supR3HardenedDllNotificationCallback: load 000007fef7600000 LB 0x0000e000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
|
|---|
| 2273 | fe4.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
|
|---|
| 2274 | fe4.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7600000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
|
|---|
| 2275 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2276 | fe4.dfc: Error (rc=0):
|
|---|
| 2277 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2278 | fe4.dfc: Error (rc=0):
|
|---|
| 2279 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2280 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2281 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2282 | fe4.dfc: Error (rc=0):
|
|---|
| 2283 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2284 | fe4.dfc: Error (rc=0):
|
|---|
| 2285 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2286 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2287 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2288 | fe4.dfc: Error (rc=0):
|
|---|
| 2289 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2290 | fe4.dfc: Error (rc=0):
|
|---|
| 2291 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2292 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2293 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2294 | fe4.dfc: Error (rc=0):
|
|---|
| 2295 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2296 | fe4.dfc: Error (rc=0):
|
|---|
| 2297 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2298 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2299 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2300 | fe4.dfc: Error (rc=0):
|
|---|
| 2301 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2302 | fe4.dfc: Error (rc=0):
|
|---|
| 2303 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2304 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2305 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2306 | fe4.dfc: Error (rc=0):
|
|---|
| 2307 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2308 | fe4.dfc: Error (rc=0):
|
|---|
| 2309 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2310 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2311 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2312 | fe4.dfc: Error (rc=0):
|
|---|
| 2313 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2314 | fe4.dfc: Error (rc=0):
|
|---|
| 2315 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2316 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2317 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2318 | fe4.dfc: Error (rc=0):
|
|---|
| 2319 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2320 | fe4.dfc: Error (rc=0):
|
|---|
| 2321 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2322 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2323 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2324 | fe4.dfc: Error (rc=0):
|
|---|
| 2325 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2326 | fe4.dfc: Error (rc=0):
|
|---|
| 2327 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2328 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2329 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2330 | fe4.dfc: Error (rc=0):
|
|---|
| 2331 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2332 | fe4.dfc: Error (rc=0):
|
|---|
| 2333 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2334 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2335 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2336 | fe4.dfc: Error (rc=0):
|
|---|
| 2337 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2338 | fe4.dfc: Error (rc=0):
|
|---|
| 2339 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2340 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2341 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2342 | fe4.dfc: Error (rc=0):
|
|---|
| 2343 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2344 | fe4.dfc: Error (rc=0):
|
|---|
| 2345 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2346 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2347 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2348 | fe4.dfc: Error (rc=0):
|
|---|
| 2349 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2350 | fe4.dfc: Error (rc=0):
|
|---|
| 2351 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2352 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2353 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2354 | fe4.dfc: Error (rc=0):
|
|---|
| 2355 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2356 | fe4.dfc: Error (rc=0):
|
|---|
| 2357 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2358 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2359 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2360 | fe4.dfc: Error (rc=0):
|
|---|
| 2361 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2362 | fe4.dfc: Error (rc=0):
|
|---|
| 2363 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2364 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2365 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2366 | fe4.dfc: Error (rc=0):
|
|---|
| 2367 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2048 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 2368 | fe4.dfc: Error (rc=0):
|
|---|
| 2369 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 2370 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 2371 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\shell32.dll'
|
|---|
| 2372 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll'
|
|---|
| 2373 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll'
|
|---|
| 2374 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll'
|
|---|
| 2375 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2376 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2377 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000948 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2378 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2379 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2380 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
|
|---|
| 2381 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
|
|---|
| 2382 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2383 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2384 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
|
|---|
| 2385 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2386 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 2387 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
|
|---|
| 2388 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
|
|---|
| 2389 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
|
|---|
| 2390 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2391 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2392 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2393 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2394 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2395 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2396 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2397 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2398 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2399 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2400 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2401 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2402 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2403 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2404 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000954 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
|
|---|
| 2405 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2406 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2407 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
|
|---|
| 2408 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
|
|---|
| 2409 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2410 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2411 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
|
|---|
| 2412 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
|
|---|
| 2413 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2414 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
|
|---|
| 2415 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
|
|---|
| 2416 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
|
|---|
| 2417 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2418 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2419 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2420 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2421 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2422 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2423 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2424 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2425 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2426 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2427 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2428 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2429 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2430 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2431 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2432 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9d40000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
|
|---|
| 2433 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
|
|---|
| 2434 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
|
|---|
| 2435 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9ff0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
|
|---|
| 2436 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
|
|---|
| 2437 | fe4.dfc: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 2438 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2439 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fe0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
|
|---|
| 2440 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9d40000 'C:\Windows\system32\wbem\wbemprox.dll'
|
|---|
| 2441 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2442 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2443 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000097c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2444 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2445 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2446 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
|
|---|
| 2447 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
|
|---|
| 2448 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2449 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2450 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
|
|---|
| 2451 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
|
|---|
| 2452 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2453 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2454 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2455 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
|
|---|
| 2456 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2457 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2458 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2459 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2460 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9850000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
|
|---|
| 2461 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
|
|---|
| 2462 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9850000 'C:\Windows\system32\wbem\wbemsvc.dll'
|
|---|
| 2463 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2464 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2465 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
|
|---|
| 2466 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2467 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2468 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
|
|---|
| 2469 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB976902~31bf3856ad364e35~amd64~~6.1.1.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
|
|---|
| 2470 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2471 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2472 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
|
|---|
| 2473 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
|
|---|
| 2474 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
|
|---|
| 2475 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
|
|---|
| 2476 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
|
|---|
| 2477 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
|
|---|
| 2478 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
|
|---|
| 2479 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
|
|---|
| 2480 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2481 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2482 | fe4.dfc: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2483 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000990 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
|
|---|
| 2484 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2485 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2486 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
|
|---|
| 2487 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
|
|---|
| 2488 | fe4.dfc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2489 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2490 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
|
|---|
| 2491 | fe4.dfc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
|
|---|
| 2492 | fe4.dfc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
|
|---|
| 2493 | fe4.dfc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
|
|---|
| 2494 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2495 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2496 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
|
|---|
| 2497 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2498 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2499 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2500 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2501 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
|
|---|
| 2502 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2503 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
|
|---|
| 2504 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2505 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2506 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2507 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2508 | fe4.dfc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2509 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2510 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2511 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2512 | fe4.dfc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2513 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000031255f0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2514 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
|
|---|
| 2515 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9ec0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
|
|---|
| 2516 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
|
|---|
| 2517 | fe4.dfc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
|
|---|
| 2518 | fe4.dfc: supR3HardenedDllNotificationCallback: load 000007fef9e90000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
|
|---|
| 2519 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
|
|---|
| 2520 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9ec0000 'C:\Windows\system32\wbem\fastprox.dll'
|
|---|
| 2521 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll'
|
|---|
| 2522 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2523 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
|
|---|
| 2524 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2525 | fe4.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll) WinVerifyTrust
|
|---|
| 2526 | fe4.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2527 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2528 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2529 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
|
|---|
| 2530 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2531 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
|
|---|
| 2532 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2533 | fe4.abc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
|
|---|
| 2534 | fe4.abc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll) WinVerifyTrust
|
|---|
| 2535 | fe4.abc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll
|
|---|
| 2536 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2537 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2538 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2539 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2540 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2541 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2542 | fe4.abc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2543 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2544 | fe4.abc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2545 | fe4.abc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2546 | fe4.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2547 | fe4.abc: supR3HardenedDllNotificationCallback: load 000007fef0df0000 LB 0x002ca000 C:\Program Files\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
|
|---|
| 2548 | fe4.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2549 | fe4.abc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll
|
|---|
| 2550 | fe4.abc: supR3HardenedDllNotificationCallback: load 0000000073c30000 LB 0x0010b000 C:\Program Files\VirtualBox\VBoxREM.dll [fFlags=0x0]
|
|---|
| 2551 | fe4.abc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxREM.dll
|
|---|
| 2552 | fe4.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0df0000 'C:\Program Files\VirtualBox\VBoxVMM.DLL'
|
|---|
| 2553 | fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2554 | fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2555 | fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2556 | fe4.12c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 2557 | fe4.12c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
|
|---|
| 2558 | fe4.12c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2559 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2560 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2561 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2562 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2563 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2564 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2565 | fe4.12c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2566 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2567 | fe4.12c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2568 | fe4.12c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2569 | fe4.12c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2570 | fe4.12c0: supR3HardenedDllNotificationCallback: load 000007fef64b0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
|
|---|
| 2571 | fe4.12c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedClipboard.dll
|
|---|
| 2572 | fe4.12c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef64b0000 'C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL'
|
|---|
| 2573 | fe4.12c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ee0000 'C:\Windows\system32\User32.dll'
|
|---|
| 2574 | fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2575 | fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2576 | fe4.5d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2577 | fe4.5d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
|
|---|
| 2578 | fe4.5d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2579 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2580 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2581 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2582 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2583 | fe4.5d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll
|
|---|
| 2584 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2585 | fe4.5d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2586 | fe4.5d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll
|
|---|
| 2587 | fe4.5d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2588 | fe4.5d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2589 | fe4.5d4: supR3HardenedDllNotificationCallback: load 000007fef4fd0000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
|
|---|
| 2590 | fe4.5d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
|
|---|
| 2591 | fe4.5d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fd0000 'C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL'
|
|---|
| 2592 | fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2593 | fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2594 | fe4.105c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2595 | fe4.105c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
|
|---|
| 2596 | fe4.105c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2597 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2598 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2599 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2600 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2601 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2602 | fe4.105c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2603 | fe4.105c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2604 | fe4.105c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2605 | fe4.105c: supR3HardenedDllNotificationCallback: load 000007fef4fc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
|
|---|
| 2606 | fe4.105c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestPropSvc.dll
|
|---|
| 2607 | fe4.105c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fc0000 'C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL'
|
|---|
| 2608 | fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2609 | fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
|
|---|
| 2610 | fe4.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2611 | fe4.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
|
|---|
| 2612 | fe4.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2613 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2614 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2615 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
|
|---|
| 2616 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2617 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2618 | fe4.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2619 | fe4.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2620 | fe4.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2621 | fe4.10cc: supR3HardenedDllNotificationCallback: load 000007fef4fb0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
|
|---|
| 2622 | fe4.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxGuestControlSvc.dll
|
|---|
| 2623 | fe4.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4fb0000 'C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL'
|
|---|
| 2624 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\Shell32.dll'
|
|---|
| 2625 | fe4.9f8: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 2626 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2627 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
|
|---|
| 2628 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2629 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2630 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0df0000 'C:\Program Files\VirtualBox\VBoxVMM.DLL'
|
|---|
| 2631 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2632 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2633 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2634 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
|
|---|
| 2635 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 2636 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
|
|---|
| 2637 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2638 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2639 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2640 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2641 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2642 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2643 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2644 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2645 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2646 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2647 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2648 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2649 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2650 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
|
|---|
| 2651 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2652 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c80000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
|
|---|
| 2653 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
|
|---|
| 2654 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2655 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2656 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2657 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
|
|---|
| 2658 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
|
|---|
| 2659 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 2660 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 2661 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
|
|---|
| 2662 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
|
|---|
| 2663 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
|
|---|
| 2664 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll) WinVerifyTrust
|
|---|
| 2665 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll
|
|---|
| 2666 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
|
|---|
| 2667 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2668 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2669 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2670 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc8 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2671 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2672 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2673 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
|
|---|
| 2674 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
|
|---|
| 2675 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2676 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2677 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
|
|---|
| 2678 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
|
|---|
| 2679 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
|
|---|
| 2680 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
|
|---|
| 2681 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2682 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2683 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2684 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2685 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2686 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2687 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 2688 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2689 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 2690 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2691 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2692 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
|
|---|
| 2693 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2694 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2695 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2696 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll) WinVerifyTrust
|
|---|
| 2697 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll
|
|---|
| 2698 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
|
|---|
| 2699 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2700 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2701 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2702 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2703 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
|
|---|
| 2704 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
|
|---|
| 2705 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll) WinVerifyTrust
|
|---|
| 2706 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll
|
|---|
| 2707 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2708 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2709 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2710 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2711 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2712 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2713 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2714 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2715 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2716 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 2717 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2718 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 2719 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2720 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2721 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2722 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2723 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2724 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2725 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2726 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2727 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2728 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2729 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2730 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2731 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
|
|---|
| 2732 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2733 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\winnsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2734 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\winnsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2735 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
|
|---|
| 2736 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2737 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2738 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
|
|---|
| 2739 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
|
|---|
| 2740 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2741 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2742 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2743 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
|
|---|
| 2744 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
|
|---|
| 2745 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
|
|---|
| 2746 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 2747 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2748 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 2749 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2750 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2751 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 2752 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2753 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 2754 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2755 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2756 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2757 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2758 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2759 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll
|
|---|
| 2760 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007feede80000 LB 0x009cf000 C:\Program Files\VirtualBox\VBoxDD.DLL [fFlags=0x0]
|
|---|
| 2761 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD.dll
|
|---|
| 2762 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll
|
|---|
| 2763 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef3020000 LB 0x00063000 C:\Program Files\VirtualBox\VBoxDDU.dll [fFlags=0x0]
|
|---|
| 2764 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDDU.dll
|
|---|
| 2765 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll
|
|---|
| 2766 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2cd0000 LB 0x0005d000 C:\Program Files\VirtualBox\VBoxDD2.dll [fFlags=0x0]
|
|---|
| 2767 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll
|
|---|
| 2768 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2769 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefada0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
|
|---|
| 2770 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2771 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
|
|---|
| 2772 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefad90000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
|
|---|
| 2773 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
|
|---|
| 2774 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede80000 'C:\Program Files\VirtualBox\VBoxDD.DLL'
|
|---|
| 2775 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2776 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2777 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2778 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
|
|---|
| 2779 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
|
|---|
| 2780 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c80000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
|
|---|
| 2781 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxC.dll
|
|---|
| 2782 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2783 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef10c0000 'C:\Program Files\VirtualBox\VBoxC.DLL'
|
|---|
| 2784 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxDD2.dll
|
|---|
| 2785 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2786 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2cd0000 'C:\Program Files\VirtualBox\VBoxDD2.DLL'
|
|---|
| 2787 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2788 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2789 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
|
|---|
| 2790 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
|
|---|
| 2791 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2792 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2793 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2794 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2795 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2796 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
|
|---|
| 2797 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2f30000 LB 0x0001f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
|
|---|
| 2798 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
|
|---|
| 2799 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f30000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
|
|---|
| 2800 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2801 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2802 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
|
|---|
| 2803 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
|
|---|
| 2804 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2805 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2806 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2807 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2808 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2809 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
|
|---|
| 2810 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c60000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
|
|---|
| 2811 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
|
|---|
| 2812 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c60000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
|
|---|
| 2813 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2814 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2815 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
|
|---|
| 2816 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
|
|---|
| 2817 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2818 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2819 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2820 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2821 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2822 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
|
|---|
| 2823 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0dd0000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
|
|---|
| 2824 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
|
|---|
| 2825 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0dd0000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
|
|---|
| 2826 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2827 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2828 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
|
|---|
| 2829 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
|
|---|
| 2830 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2831 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2832 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2833 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2834 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2835 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
|
|---|
| 2836 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0db0000 LB 0x00019000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
|
|---|
| 2837 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
|
|---|
| 2838 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0db0000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
|
|---|
| 2839 | fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2840 | fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
|
|---|
| 2841 | fe4.1b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
|
|---|
| 2842 | fe4.1b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
|
|---|
| 2843 | fe4.1b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2844 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2845 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2846 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
|
|---|
| 2847 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2848 | fe4.1b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxVMM.dll
|
|---|
| 2849 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2850 | fe4.1b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2851 | fe4.1b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2852 | fe4.1b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2853 | fe4.1b0: supR3HardenedDllNotificationCallback: load 000007fef2f20000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
|
|---|
| 2854 | fe4.1b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\VBoxSharedFolders.dll
|
|---|
| 2855 | fe4.1b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f20000 'C:\Program Files\VirtualBox\VBoxSharedFolders.DLL'
|
|---|
| 2856 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
|
|---|
| 2857 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
|
|---|
| 2858 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
|
|---|
| 2859 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
|
|---|
| 2860 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
|
|---|
| 2861 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
|
|---|
| 2862 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
|
|---|
| 2863 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2864 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2865 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2866 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 2867 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2868 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2869 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2870 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
|
|---|
| 2871 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2872 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
|
|---|
| 2873 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2874 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2875 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
|
|---|
| 2876 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2f50000 LB 0x000cd000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
|
|---|
| 2877 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
|
|---|
| 2878 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2f50000 'C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
|
|---|
| 2879 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2880 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2881 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\Iphlpapi.dll'
|
|---|
| 2882 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2883 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2884 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d4c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2885 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2886 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2887 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9B444EEE6F858BAE572BDDE53A4FA1A1E7957B
|
|---|
| 2888 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
|
|---|
| 2889 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2890 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2891 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2892 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
|
|---|
| 2893 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
|
|---|
| 2894 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2895 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2896 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2897 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
|
|---|
| 2898 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2899 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2900 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2901 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2902 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2903 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2904 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefac20000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
|
|---|
| 2905 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
|
|---|
| 2906 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac20000 'C:\Windows\system32\dhcpcsvc6.DLL'
|
|---|
| 2907 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2908 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2909 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\IPHLPAPI.DLL'
|
|---|
| 2910 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2911 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2912 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
|
|---|
| 2913 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2914 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2915 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
|
|---|
| 2916 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
|
|---|
| 2917 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2918 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2919 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
|
|---|
| 2920 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
|
|---|
| 2921 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
|
|---|
| 2922 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
|
|---|
| 2923 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
|
|---|
| 2924 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
|
|---|
| 2925 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2926 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
|
|---|
| 2927 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 2928 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2929 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2930 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2931 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2932 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2933 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2934 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
|
|---|
| 2935 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefaae0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
|
|---|
| 2936 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
|
|---|
| 2937 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaae0000 'C:\Windows\system32\dhcpcsvc.DLL'
|
|---|
| 2938 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
|
|---|
| 2939 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2940 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefada0000 'C:\Windows\system32\IPHLPAPI.DLL'
|
|---|
| 2941 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2942 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2943 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 2944 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2945 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2946 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
|
|---|
| 2947 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
|
|---|
| 2948 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2949 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2950 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 2951 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 2952 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
|
|---|
| 2953 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
|
|---|
| 2954 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 2955 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
|
|---|
| 2956 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2957 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\propsys.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 2958 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\propsys.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 2959 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
|
|---|
| 2960 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 2961 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 2962 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
|
|---|
| 2963 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
|
|---|
| 2964 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 2965 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 2966 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
|
|---|
| 2967 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
|
|---|
| 2968 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 2969 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 2970 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
|
|---|
| 2971 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
|
|---|
| 2972 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2973 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2974 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2975 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2976 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2977 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2978 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 2979 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2980 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 2981 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2982 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 2983 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2984 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 2985 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2986 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 2987 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 2988 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183b00:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 2989 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 2990 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefb4a0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
|
|---|
| 2991 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 2992 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
|
|---|
| 2993 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefb370000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
|
|---|
| 2994 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
|
|---|
| 2995 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\ADVAPI32.dll'
|
|---|
| 2996 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\System32\MMDevApi.dll'
|
|---|
| 2997 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll'
|
|---|
| 2998 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 2999 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3000 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea10000 'C:\Windows\system32\SETUPAPI.dll'
|
|---|
| 3001 | fe4.80c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
|
|---|
| 3002 | fe4.80c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3003 | fe4.80c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\CFGMGR32.dll'
|
|---|
| 3004 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3005 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\dsound.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3006 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3007 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3008 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3009 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
|
|---|
| 3010 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
|
|---|
| 3011 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3012 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3013 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3014 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3015 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
|
|---|
| 3016 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
|
|---|
| 3017 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
|
|---|
| 3018 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
|
|---|
| 3019 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3020 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
|
|---|
| 3021 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3022 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3023 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\powrprof.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3024 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
|
|---|
| 3025 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3026 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3027 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
|
|---|
| 3028 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
|
|---|
| 3029 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3030 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3031 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
|
|---|
| 3032 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
|
|---|
| 3033 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
|
|---|
| 3034 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
|
|---|
| 3035 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3036 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3037 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 3038 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3039 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3040 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3041 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3042 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3043 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3044 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3045 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3046 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
|
|---|
| 3047 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3048 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
|
|---|
| 3049 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3050 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3051 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3052 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3053 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003183b00:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3054 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3055 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef03e0000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
|
|---|
| 3056 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3057 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
|
|---|
| 3058 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefa6a0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
|
|---|
| 3059 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
|
|---|
| 3060 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3061 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3062 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\System32\dsound.dll'
|
|---|
| 3063 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\System32\dsound.dll'
|
|---|
| 3064 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3065 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3066 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll'
|
|---|
| 3067 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
|
|---|
| 3068 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3069 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0c0000 'C:\Windows\system32\SHLWAPI.dll'
|
|---|
| 3070 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 3071 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3072 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\system32\MMDEVAPI.DLL'
|
|---|
| 3073 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\Windows\system32\ole32.dll'
|
|---|
| 3074 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 3075 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3076 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3077 | fe4.9f8: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 3078 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3079 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-Management-L1-1-0.dll'
|
|---|
| 3080 | fe4.9f8: supR3HardenedIsApiSetDll: '<NULL>' -> true
|
|---|
| 3081 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3082 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
|
|---|
| 3083 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\Windows\system32\RPCRT4.dll'
|
|---|
| 3084 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 3085 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3086 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Windows\system32\MMDevAPI.DLL'
|
|---|
| 3087 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3088 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3089 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3090 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3091 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3092 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
|
|---|
| 3093 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
|
|---|
| 3094 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3095 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3096 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3097 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
|
|---|
| 3098 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
|
|---|
| 3099 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
|
|---|
| 3100 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
|
|---|
| 3101 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
|
|---|
| 3102 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
|
|---|
| 3103 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
|
|---|
| 3104 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3105 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
|
|---|
| 3106 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3107 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3108 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\avrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3109 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e70 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
|
|---|
| 3110 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3111 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3112 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
|
|---|
| 3113 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
|
|---|
| 3114 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3115 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
|
|---|
| 3116 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
|
|---|
| 3117 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3118 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3119 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 3120 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
|
|---|
| 3121 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3122 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3123 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\ksuser.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3124 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e64 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
|
|---|
| 3125 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3126 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3127 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
|
|---|
| 3128 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
|
|---|
| 3129 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3130 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3131 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
|
|---|
| 3132 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
|
|---|
| 3133 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3134 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3135 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
|
|---|
| 3136 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3137 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3138 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3139 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3140 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3141 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3142 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3143 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3144 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3145 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3146 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3147 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3148 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0d70000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
|
|---|
| 3149 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3150 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
|
|---|
| 3151 | fe4.9f8: supR3HardenedDllNotificationCallback: load 0000000074990000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
|
|---|
| 3152 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
|
|---|
| 3153 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
|
|---|
| 3154 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fefa690000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
|
|---|
| 3155 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
|
|---|
| 3156 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3157 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3158 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3159 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3160 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3161 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3162 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3163 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3164 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3165 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3166 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3167 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3168 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3169 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3170 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3171 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
|
|---|
| 3172 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3173 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3174 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B5BCEE9F60F75E176D19C778D9B6CD5DBEB84BB
|
|---|
| 3175 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
|
|---|
| 3176 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3177 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3178 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3179 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
|
|---|
| 3180 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
|
|---|
| 3181 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
|
|---|
| 3182 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
|
|---|
| 3183 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
|
|---|
| 3184 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
|
|---|
| 3185 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
|
|---|
| 3186 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3187 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3188 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 3189 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3190 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3191 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3192 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3193 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
|
|---|
| 3194 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3195 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
|
|---|
| 3196 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
|
|---|
| 3197 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3198 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3199 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3200 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3201 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3202 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3203 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
|
|---|
| 3204 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef78d0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
|
|---|
| 3205 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
|
|---|
| 3206 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef78d0000 'C:\Windows\system32\AUDIOSES.DLL'
|
|---|
| 3207 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3208 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3209 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3210 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
|
|---|
| 3211 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3212 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3213 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3214 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3215 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3216 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3217 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3218 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3219 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0d70000 'C:\Windows\system32\wdmaud.drv'
|
|---|
| 3220 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3221 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3222 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e58 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3223 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3224 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3225 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
|
|---|
| 3226 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
|
|---|
| 3227 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3228 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3229 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3230 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
|
|---|
| 3231 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
|
|---|
| 3232 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
|
|---|
| 3233 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
|
|---|
| 3234 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3235 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
|
|---|
| 3236 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3237 | fe4.9f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
|
|---|
| 3238 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
|
|---|
| 3239 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3240 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3241 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\msacm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3242 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
|
|---|
| 3243 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3244 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3245 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
|
|---|
| 3246 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
|
|---|
| 3247 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3248 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3249 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
|
|---|
| 3250 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
|
|---|
| 3251 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
|
|---|
| 3252 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
|
|---|
| 3253 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
|
|---|
| 3254 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
|
|---|
| 3255 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3256 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3257 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3258 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3259 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3260 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3261 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3262 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3263 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
|
|---|
| 3264 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3265 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3266 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3267 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
|
|---|
| 3268 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3269 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3270 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3271 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3272 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3273 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2dc0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
|
|---|
| 3274 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3275 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
|
|---|
| 3276 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef0d50000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
|
|---|
| 3277 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
|
|---|
| 3278 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3279 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3280 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3281 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3282 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3283 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3284 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3285 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3286 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3287 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3288 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3289 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3290 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3291 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3292 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3293 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3294 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
|
|---|
| 3295 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3296 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3297 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3298 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3299 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2dc0000 'C:\Windows\system32\msacm32.drv'
|
|---|
| 3300 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3301 | fe4.9f8: \Device\HarddiskVolume2\Windows\System32\midimap.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3302 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3303 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3304 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3305 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
|
|---|
| 3306 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
|
|---|
| 3307 | fe4.9f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3308 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3309 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
|
|---|
| 3310 | fe4.9f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
|
|---|
| 3311 | fe4.9f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
|
|---|
| 3312 | fe4.9f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3313 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
|
|---|
| 3314 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3315 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3316 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3317 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3318 | fe4.9f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3319 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3320 | fe4.9f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3321 | fe4.9f8: supR3HardenedDllNotificationCallback: load 000007fef2c50000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
|
|---|
| 3322 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3323 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll'
|
|---|
| 3324 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3325 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3326 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll'
|
|---|
| 3327 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3328 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3329 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll'
|
|---|
| 3330 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
|
|---|
| 3331 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3332 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c50000 'C:\Windows\system32\midimap.dll'
|
|---|
| 3333 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3334 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3335 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3336 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll'
|
|---|
| 3337 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3338 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\WINMM.dll'
|
|---|
| 3339 | fe4.abc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\OLEAUT32.dll'
|
|---|
| 3340 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3341 | fe4.dfc: Error (rc=0):
|
|---|
| 3342 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4096 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3343 | fe4.dfc: Error (rc=0):
|
|---|
| 3344 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 3345 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 3346 | fe4.11e0: \Device\HarddiskVolume2\Windows\System32\mswsock.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3347 | fe4.11e0: \Device\HarddiskVolume2\Windows\System32\mswsock.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3348 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f3c pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
|
|---|
| 3349 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3350 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3351 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=622534330644BBBA6963C90CCFEC015B1518D5BA
|
|---|
| 3352 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
|
|---|
| 3353 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3354 | fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
|
|---|
| 3355 | fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
|
|---|
| 3356 | fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
|
|---|
| 3357 | fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
|
|---|
| 3358 | fe4.11e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
|
|---|
| 3359 | fe4.11e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
|
|---|
| 3360 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3361 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3362 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
|
|---|
| 3363 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3364 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
|
|---|
| 3365 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3366 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
|
|---|
| 3367 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3368 | fe4.11e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3369 | fe4.11e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
|
|---|
| 3370 | fe4.11e0: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
|
|---|
| 3371 | fe4.11e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
|
|---|
| 3372 | fe4.11e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\Windows\system32\mswsock.dll'
|
|---|
| 3373 | fe4.11e0: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 51 d2 fd c9 5e 14 43 73 0b 52 b2 bd f4 01 00 00)
|
|---|
| 3374 | fe4.11e0: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
|
|---|
| 3375 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
|
|---|
| 3376 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009456d0
|
|---|
| 3377 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009456d0
|
|---|
| 3378 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
|
|---|
| 3379 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
|
|---|
| 3380 | fe4.11e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
|
|---|
| 3381 | fe4.11e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
|
|---|
| 3382 | fe4.11e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
|
|---|
| 3383 | fe4.11e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
|
|---|
| 3384 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
|
|---|
| 3385 | fe4.11e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
|
|---|
| 3386 | fe4.11e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3387 | fe4.11e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
|
|---|
| 3388 | fe4.11e0: supR3HardenedDllNotificationCallback: load 000007fefc270000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
|
|---|
| 3389 | fe4.11e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
|
|---|
| 3390 | fe4.11e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc270000 'C:\Windows\System32\wshtcpip.dll'
|
|---|
| 3391 | fe4.9f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
|
|---|
| 3392 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3393 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef03e0000 'C:\Windows\system32\dsound.dll'
|
|---|
| 3394 | fe4.9f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7980000 'C:\Windows\system32\winmm.dll'
|
|---|
| 3395 | fe4.7d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
|
|---|
| 3396 | fe4.7d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000319d2e0:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3397 | fe4.7d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef78d0000 'C:\Windows\System32\audioses.dll'
|
|---|
| 3398 | fe4.114c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
|
|---|
| 3399 | fe4.114c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a3eb0:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ [calling]
|
|---|
| 3400 | fe4.114c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\avrt.dll'
|
|---|
| 3401 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3402 | fe4.dfc: Error (rc=0):
|
|---|
| 3403 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8192 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3404 | fe4.dfc: Error (rc=0):
|
|---|
| 3405 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 3406 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 3407 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3408 | fe4.dfc: Error (rc=0):
|
|---|
| 3409 | fe4.dfc: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16384 \Device\HarddiskVolume2\Program Files (x86)\Quick Macros 2\ver 0x2030307\qmhook64.dll
|
|---|
| 3410 | fe4.dfc: Error (rc=0):
|
|---|
| 3411 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: rejecting 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll' (c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll): rcNt=0xc0000190
|
|---|
| 3412 | fe4.dfc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'c:\program files (x86)\quick macros 2\ver 0x2030307\qmhook64.dll'
|
|---|
| 3413 | fe4.1b0: supR3HardenedDllNotificationCallback: Unload 000007fef2f20000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
|
|---|
| 3414 | fe4.10cc: supR3HardenedDllNotificationCallback: Unload 000007fef4fb0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
|
|---|
| 3415 | fe4.105c: supR3HardenedDllNotificationCallback: Unload 000007fef4fc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
|
|---|
| 3416 | fe4.5d4: supR3HardenedDllNotificationCallback: Unload 000007fef4fd0000 LB 0x0000d000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
|
|---|
| 3417 | fe4.12c0: supR3HardenedDllNotificationCallback: Unload 000007fef64b0000 LB 0x0000b000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
|
|---|
| 3418 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fefc270000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [flags=0x0]
|
|---|
| 3419 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef0db0000 LB 0x00019000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
|
|---|
| 3420 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef0dd0000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
|
|---|
| 3421 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c60000 LB 0x00018000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
|
|---|
| 3422 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2f30000 LB 0x0001f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
|
|---|
| 3423 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2c80000 LB 0x00041000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
|
|---|
| 3424 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007feede80000 LB 0x009cf000 C:\Program Files\VirtualBox\VBoxDD.DLL [flags=0x0]
|
|---|
| 3425 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef2cd0000 LB 0x0005d000 C:\Program Files\VirtualBox\VBoxDD2.dll [flags=0x0]
|
|---|
| 3426 | fe4.9f8: supR3HardenedDllNotificationCallback: Unload 000007fef3020000 LB 0x00063000 C:\Program Files\VirtualBox\VBoxDDU.dll [flags=0x0]
|
|---|
| 3427 | fe4.dfc: supR3HardenedDllNotificationCallback: Unload 000007fef7600000 LB 0x0000e000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
|
|---|
| 3428 | fe4.dfc: Terminating the normal way: rcExit=0
|
|---|
| 3429 | e7c.df4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 176826 ms, the end);
|
|---|
| 3430 | 12d8.1364: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 177215 ms, the end);
|
|---|